Open chrisbloom7 opened 11 years ago
Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. Since only Ryan himself has commit permissions, the CanCan project is at a standstill.
CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.
If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.
We hope to see you on the other side!
I just completed an enhancement request for our application to enable more fine-grained permissions on objects based on relationships defined between two resources. I had written a few unit tests to make sure the `can?` and `cannot?` methods were reporting the proper permissions, and the tests all passed fine. However, once we started doing whitebox testing on our staging server we noticed that suddenly no one could see any of these resources, even admins who have `can :manage, :all` permissions. I wrote another unit test which indicated that admins did indeed have permission to those objects, and then started poking around in the CanCan internals to see what was going on. After an hour or so I stumbled across the note in the wiki stating that the `accessible_by` method, which is used by `load_resources`, doesn't play well with block `can` definitions. When I used the `accessible_by` scope in the command line I saw the "CanCan::Error Exception: The accessible_by call cannot be used with a block 'can' definition." error being reported. But nothing appears to ever be reported when controllers use the `load_resource` before filter; instead the instance variables are just `nil`. It would be helpful if that exception was allowed to bubble up to the controller so developers could see that there was something that needed to be overwritten in the controller action. (I realize that a functional test could have helped me spot this earlier, but as stated in the CanCan wiki, "It can be difficult to thoroughly test user permissions at the functional/integration level because there are often many branching possibilities.") At the very least, perhaps just generate a warning to the log file.
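The behaviour described in the issue, as an added example in plain Ruby that is neither CanCan's code nor the author's: a minimal stand-in for rule evaluation showing why a block-only `can` definition satisfies a per-record `can?` check but cannot be turned into a query scope, and the difference between swallowing that error (a `nil` collection, as reported) and letting it propagate to the caller. `Project`, `Rule`, `ScopeError`, the `load_resources_*` functions and the sample rows are constructed for this illustration; the combined rule mirrors CanCan's documented option of supplying an SQL fragment alongside a block so that `accessible_by` has something it can query with.

```ruby
# Added illustration, not code from CanCan or from the issue author.
# It models, in plain Ruby, the two kinds of `can` definitions the issue
# contrasts: hash conditions, which can be translated into a query scope,
# and a block, which can only be evaluated against an already-loaded record.

# Constructed sample rows standing in for ActiveRecord records.
Project = Struct.new(:id, :owner_id, :visible)

PROJECTS = [
  Project.new(1, 10, true),
  Project.new(2, 10, false),
  Project.new(3, 20, true)
].freeze

# Stand-in for the CanCan::Error that accessible_by raises on a block-only rule.
class ScopeError < StandardError; end

class Rule
  # conditions: attribute => value pairs (or nil); a collection scope can be
  # built from these. block: arbitrary Ruby evaluated per record (or nil).
  def initialize(conditions = nil, &block)
    @conditions = conditions
    @block = block
  end

  # Per-record check, the analogue of `can?`. Works for either style; the
  # block takes precedence when both are present.
  def matches?(record, user)
    return @block.call(record, user) if @block
    return true if @conditions.nil?
    conditions_match?(record)
  end

  # Collection filter, the analogue of `accessible_by`. A block alone has no
  # query representation, so the only honest outcome is an exception.
  def scope(records)
    if @conditions.nil?
      raise ScopeError, "cannot build a scope from a block-only rule" if @block
      return records
    end
    records.select { |r| conditions_match?(r) }
  end

  private

  def conditions_match?(record)
    @conditions.all? { |attr, val| record.public_send(attr) == val }
  end
end

# Hash conditions only: usable by both can? and the scope.
HASH_RULE = Rule.new(visible: true)

# Block only: usable by can?, unusable by the scope.
BLOCK_RULE = Rule.new { |project, user| project.owner_id == user[:id] }

# Block plus conditions: the block still drives per-record checks while the
# conditions give the scope something to query with (CanCan's documented
# pattern is an SQL fragment next to the block; a hash stands in here).
# The two must agree, or can? and accessible_by will disagree on visibility.
COMBINED_RULE = Rule.new(visible: true) { |project, _user| project.visible }

def can_read?(rule, record, user)
  rule.matches?(record, user)
end

# Mirrors the behaviour the issue reports: the scope error is rescued and
# the collection is left nil, so the controller silently shows nothing.
def load_resources_swallowing(rule, records)
  rule.scope(records)
rescue ScopeError
  nil
end

# The behaviour the issue asks for: let the error reach the controller.
def load_resources_strict(rule, records)
  rule.scope(records)
end
```

Run against the constructed rows, `BLOCK_RULE` answers `can_read?` correctly for user 10 yet `load_resources_swallowing` returns `nil` for it, which is exactly the "admins see nothing" symptom; `load_resources_strict` raises `ScopeError` instead, and `COMBINED_RULE` scopes cleanly to the visible projects.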