-
When creating a new Application record to interact with the API layer, Bullet Train creates a user and membership that corresponds to the application. The issue is that when this user is removed from …
-
The **Defining Abilities** wiki page states the following about using scopes:
> You cannot use this with multiple can definitions that match the same action and model since it is not possible to comb…
-
This will be a master ticket listing major changes made to Sufia 6.x that we will need to port. We can then track those in separate tickets.
- [ ] Migrate Sufia 6.x repository objects
- [ ] Migrate Su…
-
Hi Joel,
We're currently upgrading from Rails 3.2 to Rails 4.0 and your gem is of great interest to us! Cancancan's usage of includes has broken our existing functionality, which have been working f…
-
**Solidus Version**:
all including master
**Description**
In some views we're probably using `cancancan` in an unsupported way.
Instead of passing a single action, we provide an array with mu…
-
**Describe the bug**
Field-specific abilities act differently based on whether conditions are given as null or empty object. If `conditions` is an empty object, field-specific inverted rule can not o…
-
In many applications, different access violations should redirect to different pages.
e.g. if the user is not signed in and tries to comment on something, they get redirected to the user sign in page…
-
It seems a bit redundant to have to do something like this:
```
can :read, Blog, Blog.published do |blog|
blog.published?
end
```
One possibility would be to generate a default block when it is no…
-
In Cancan 2.0 (cancan-aed9f26e5610)
My rules are defined as such:
``` ruby
class Ability
include CanCan::Ability
def initialize(user)
can :read, :referrals
cannot :read, :referrals, :st…
-
In many scenarios it is desired that only Admins, those with privileged accounts, could delete objects like Accounts, Leads, Campaigns, Tasks. Or, for instance, download XLS files of the whole data.
…