Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Clone this wiki locally
CanCan makes two assumptions about your application.
- You have an
Abilityclass which defines the permissions.
- You have a
current_usermethod in the controller which returns the current user model.
You can override both of these by defining the
current_ability method in your
ApplicationController. The current method looks like this.
def current_ability @current_ability ||= Ability.new(current_user) end
Ability class and
current_user method can easily be changed to something else.
# in ApplicationController def current_ability @current_ability ||= AccountAbility.new(current_account) end
Sometimes you might have a gem in your project which provides its own Rails engine which also uses CanCan such as LocomotiveCMS. In this case the current_ability override in the ApplicationController can also be useful.
# in ApplicationController def current_ability if request.fullpath =~ /\/locomotive/ @current_ability ||= Locomotive::Ability.new(current_user) else @current_ability ||= Ability.new(current_user) end end
If your method that returns the currently logged in user just has another name than
current_user, it may be the easiest solution to simply alias the method in your ApplicationController like this:
class ApplicationController < ActionController::Base alias_method :current_user, :name_of_your_method # Could be :current_member or :logged_in_user end
That's it! See Accessing Request Data for a more complex example of what you can do here.