Object ID attribute is changed when updating object #1203

Closed
rzmz opened this Issue Jun 13, 2012 · 5 comments

rzmz commented Jun 13, 2012

Hi, I found something that might be an issue, not sure though. Somebody more experienced should look into this perhaps.
Scenario: using Devise (with CanCan) also for application authentication. When trying to edit my User object in Rails Admin, the currently logged-in user always gets updated instead (the :id attribute was being changed in lib/rails_admin/config/actions/edit.rb).

I monkeypatched that issue in a fork, but I am not sure why or where the :id attribute is added for changing.
rzmz/rails_admin@247633b

Collaborator

mshibuya commented Jul 4, 2012

Could you paste what you have in your CanCan Ability class?

rzmz commented Jul 5, 2012

```ruby
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new

    can :index, :home
    can :demo, :home
    cannot :create, Settings
    can [:label, :browse, :find_organization_location], :home
    can [:create, :new], User

    if user.active_for_authentication? && !user.demo_user?
      can :manage, Calculation, :organization_id => user.organization.id
      can :account, :home
      can :label, :home
      can :read, Order, :organization_id => user.organization.id
      can :manage, User, :id => user.id
    elsif user.active_for_authentication? && user.demo_user?
      can :manage, Calculation, :user_id => user.id
      can :manage, DemoCalculation, :user_id => user.id
      can :account, :home
    end

    if user.is_admin?
      can :dashboard
      can :access, :rails_admin
      if user.organization.is_system_owner?
        can :manage, :all
        cannot [:create, :destroy], Settings
      else
        can :manage, User, :id => user.organization.users.map(&:id)
        cannot :destroy, User

        can :manage, [Location, TransportRoute, TransportWaypoint]
        cannot [:edit, :destroy], [Location, TransportRoute, TransportWaypoint]

        can :manage, Organization, :id => user.organization.id

        if user.organization.kind_of?(PrintOffice)
          can :manage, Statistics, :print_office_id => user.organization.id
        end

        can :read, [DataSource, Paper, Paint, PrintingPlate], :is_private => false
        can :manage, [DataSource, Paper, Paint, PrintingPlate], :organization_id => user.organization.id
        cannot :read, [PrintOffice, Customer, Manufacturer]
        cannot [:create, :destroy], [Organization, User]
      end
    end
  end
end
```

rzmz commented Jul 5, 2012

Ok, now I see:
can :manage, User, :id => user.id
might be the culprit here.

Collaborator

mshibuya commented Jul 5, 2012

I think so, too.
You'd better create another Ability class dedicated to RailsAdmin so Ability declarations won't interact needlessly.
Please refer to the 'Use different Ability classes for front-end and admin' section of https://github.com/sferik/rails_admin/wiki/CanCan for details.

@mshibuya mshibuya closed this Jul 5, 2012
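
The interaction discussed in this thread, as an added example that is not code from the issue, CanCan or RailsAdmin: a toy model of how a scalar hash condition such as `:id => user.id` turns into an attribute assignment on the record being edited, and why a dedicated admin Ability avoids it. `ToyAbility`, `shared_ability`, `admin_ability`, `admin_edit` and the `User` struct are hypothetical names, and the edit step that assigns the ability's attributes after the form params is an assumption based on the symptom reported above.

```ruby
# Toy model of the mechanism; not CanCan's or RailsAdmin's code.
Rule = Struct.new(:actions, :subject, :conditions)
User = Struct.new(:id, :email) # constructed stand-in for the app's model

class ToyAbility
  def initialize
    @rules = []
  end

  def can(actions, subject, conditions = {})
    @rules << Rule.new(Array(actions), subject, conditions)
  end

  # Merge scalar hash conditions of every rule covering action and subject.
  # Array, Range and Hash values are skipped, as CanCan's attributes_for does.
  def attributes_for(action, subject)
    @rules.each_with_object({}) do |rule, attrs|
      next unless (rule.actions & [action, :manage]).any?
      next unless [subject, :all].include?(rule.subject)
      rule.conditions.each do |key, value|
        attrs[key] = value unless [Array, Range, Hash].include?(value.class)
      end
    end
  end
end

# One Ability shared by front end and admin, reduced to the thread's User rules.
def shared_ability(current_user, org_user_ids)
  ToyAbility.new.tap do |a|
    a.can :manage, User, id: current_user.id # front-end self-service rule
    a.can :manage, User, id: org_user_ids    # admin rule, array condition
  end
end

# Dedicated admin Ability: the self-service rule is not declared here.
def admin_ability(org_user_ids)
  ToyAbility.new.tap { |a| a.can :manage, User, id: org_user_ids }
end

# Assumed edit step: form params first, then the ability's attributes.
def admin_edit(ability, record, params)
  params.each { |key, value| record[key] = value }
  ability.attributes_for(:update, record.class).each { |key, value| record[key] = value }
  record
end
```

With the shared ability, editing user 2 as admin 1 returns a record whose id has become 1, so a save would target the admin's own row; with the admin-only ability the id stays 2.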

rzmz commented Jul 5, 2012

Thanks.
