-
I have a form in the users account settings from which user can update multiple models like photos, items (associated to users model) in one shot. The user model accepts_nested_attributes_for photos a…
-
I currently have a User collection, and within that collection there is a Friend embedded document. I want to setup authorization so only the users that are connected can delete a friend. This equat…
-
Hello,
Extracting from Wiki...
> ...
> If the model class is namespaced differently than the controller you will need to specify the :class option.
>
> ``` ruby
> class ProductsController < Applica…
-
Setup: a place habtm clients (pure join table), a client account has many clients.
Client Account Abilities defined like this:
```
can :manage, Place, :clients => { :id => client_ids }
can :manage, …
-
Calling `skip_load_resource` or `skip_authorize_resource` an instance of `ImplementationRemoved` exception is raised: ok.
The problem is that `skip_load_and_authorize_resource` include a call to `skip…
-
Hey,
it's rather a question than an issue: I want to load user's profile, which is a singular resource through current user and I have something like this:
```
load_and_authorize_resource :through =…
-
https://github.com/elabs/pundit
-
when:
```ruby
can :update, Note { |note| note.writer_id == user.id }
```
### CanCan handle undefined method exception (undefined method Note' for # )
when:
```ruby
can :update, Note do…
-
### Steps to reproduce
```
require "cancan"
class Thing
attr_reader :holder
def initialize(holder); @holder = holder; end
end
class Ability
include CanCan::Ability
def initializ…
-
I currently have CanCan implemented in such a way that a user can only manage their own items. Now I need the ability for users to grant permissions to manage objects they own to other users in the s…