Object ID attribute is changed when updating object #1203

rzmz opened this Issue Jun 13, 2012 · 5 comments



rzmz commented Jun 13, 2012

Hi, I found something that might be an issue, not sure though. Somebody more experienced should look into this perhaps.
Scenario: using Devise (with CanCan) also for application authentication. When trying to edit my User object in Rails Admin, the currently logged-in user always gets updated instead (the :id attribute was being changed in lib/rails_admin/config/actions/edit.rb).

I monkeypatched that issue in a fork, but I am not sure why or where the :id attribute is added for changing.


mshibuya commented Jul 4, 2012

Could you paste what you have in your CanCan Ability class?

rzmz commented Jul 5, 2012

```ruby
# Block nesting below follows the indentation of the code as posted.
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new

    # Rules for every visitor, including guests
    can :index, :home
    can :demo, :home
    cannot :create, Settings
    can [:label, :browse, :find_organization_location], :home
    can [:create, :new], User

    # Rules for signed-in front-end users
    if user.active_for_authentication? && !user.demo_user?
      can :manage, Calculation, :organization_id => user.organization.id
      can :account, :home
      can :label, :home
      can :read, Order, :organization_id => user.organization.id
      can :manage, User, :id => user.id
    elsif user.active_for_authentication? && user.demo_user?
      can :manage, Calculation, :user_id => user.id
      can :manage, DemoCalculation, :user_id => user.id
      can :account, :home
    end

    # Rules for RailsAdmin access
    if user.is_admin?
      can :dashboard
      can :access, :rails_admin
      if user.organization.is_system_owner?
        can :manage, :all
        cannot [:create, :destroy], Settings
        can :manage, User, :id => user.organization.users.map(&:id)
        cannot :destroy, User

        can :manage, [Location, TransportRoute, TransportWaypoint]
        cannot [:edit, :destroy], [Location, TransportRoute, TransportWaypoint]

        can :manage, Organization, :id => user.organization.id

        if user.organization.kind_of?(PrintOffice)
          can :manage, Statistics, :print_office_id => user.organization.id
        end

        can :read, [DataSource, Paper, Paint, PrintingPlate], :is_private => false
        can :manage, [DataSource, Paper, Paint, PrintingPlate], :organization_id => user.organization.id
        cannot :read, [PrintOffice, Customer, Manufacturer]
        cannot [:create, :destroy], [Organization, User]
      end
    end
  end
end
```


rzmz commented Jul 5, 2012

Ok, now I see:
can :manage, User, :id => user.id
might be the culprit here.


mshibuya commented Jul 5, 2012

I think so, too.
You'd better create another Ability class dedicated to RailsAdmin so Ability declarations won't interact needlessly.
Please refer to the 'Use different Ability classes for front-end and admin' section of https://github.com/sferik/rails_admin/wiki/CanCan for details.

mshibuya closed this Jul 5, 2012
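
An added illustration, not part of the original thread and not CanCan or RailsAdmin code: a simplified plain-Ruby model of the interaction discussed above, assuming the admin edit step writes an ability's hash conditions onto the record before saving. `ToyAbility`, `shared_ability`, `admin_ability` and `admin_edit` are hypothetical names, and the sample users are constructed.

```ruby
# Simplified model (assumption, not library code): rules carry hash conditions,
# and the admin edit step forces those conditions onto the record being saved.
Rule = Struct.new(:action, :subject, :conditions)
User = Struct.new(:id, :email)

class ToyAbility
  def initialize
    @rules = []
  end

  def can(action, subject, conditions = {})
    @rules << Rule.new(action, subject, conditions)
  end

  # Merge the hash conditions of every rule that matches action and subject.
  def attributes_for(action, subject)
    @rules.select { |r| [:manage, action].include?(r.action) && [:all, subject].include?(r.subject) }
          .map(&:conditions).reduce({}, :merge)
  end
end

# One ability shared by front end and admin, as in the class posted above.
def shared_ability(current_user)
  ToyAbility.new.tap do |a|
    a.can :manage, User, id: current_user.id # front-end rule: manage yourself
    a.can :manage, :all                      # admin rule
  end
end

# Dedicated admin ability: no per-user condition can reach admin edits.
def admin_ability(_current_user)
  ToyAbility.new.tap { |a| a.can :manage, :all }
end

# Hypothetical edit step: apply form params, then the ability's attributes.
def admin_edit(ability, record, params)
  edited = record.dup
  params.each { |k, v| edited[k] = v }
  ability.attributes_for(:edit, User).each { |k, v| edited[k] = v }
  edited
end

admin  = User.new(1, "admin@example.test") # constructed sample data
target = User.new(7, "old@example.test")
puts admin_edit(shared_ability(admin), target, email: "new@example.test").id
puts admin_edit(admin_ability(admin), target, email: "new@example.test").id
```

With the shared ability the edited record ends up carrying the admin's own id, which matches the symptom reported at the top of the thread; with the dedicated admin ability the target's id is left alone.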

rzmz commented Jul 5, 2012

