Note for Devise / CanCan 2.0 users #959

mribbons opened this Issue Nov 12, 2013 · 1 comment

2 participants


I had some trouble with this and couldn't find anything online so I'm just posting this one to help anyone who may come across the same problem:

Ruby 2.0
Rails 4.0.1
CanCan 2.0.0
Devise 3.2.0


class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

When attempting to access sign_in resource I got this error:
CanCan::Unauthorized in Devise::SessionsController#new

I had to add this to ability.rb:

can :create, %i(devise/sessions)

(Or < ruby 2)
can :create :"devise/sessions"

I tried several things that didn't work:

# Note use of :access would not be secure in production
can :access :users
can :access Devise::SessionsController

Apologies if this is an inappropriate post.

Mike Ribbons


Instead of an issue, you could update the wiki

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment