ryanb / cancan

Authorization Gem for Ruby on Rails.
MIT License

Complex Abilities, accessible_by and strange issue #809

Open Awea opened 11 years ago

Awea commented 11 years ago

Hi guys,

This is my Ability.rb file:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= Manifold.new
    if user.kind_of? User
      if user.role? :super_admin
        can :manage, :all
      elsif user.role? :admin
        # Restrict admins to the mail templates of their own application,
        # either attached directly or through one of the application's events.
        can [:index, :update], MailTemplate, {
          :id => MailTemplate.where('
            (
              mail_templates.mail_templatable_type LIKE "Application" AND
              mail_templates.mail_templatable_id = ?
            )
            OR
            (
              mail_templates.mail_templatable_type LIKE "Event" AND
              events.application_id = ?
            )
          ', user.application_id, user.application_id)
          .joins('
            LEFT JOIN events ON events.id = mail_templates.mail_templatable_id
          ')
        }
      end
    end
  end
end

And in my Controller I'm using accessible_by(current_ability) to get the MailTemplates corresponding to my current ability. It works well, but when I'm logged in as an admin user it won't let me edit my MailTemplate.

Am I doing something wrong in my Ability declaration? Or is this a real issue? ^^

alex-handley commented 11 years ago

@Awea did you resolve the issue? If not, I'd be happy to help.

Awea commented 11 years ago

@alex-handley no, I didn't succeed in solving it; I just commented out load_and_authorize_resource and kept accessible_by.

But I want to solve it for future usage :)

alex-handley commented 11 years ago

Have you checked the 'MailTemplate.where' query to see what it returns? I don't think it would return an id.

Also take a look at https://github.com/ryanb/cancan/wiki/Defining-Abilities-with-Blocks. Blocks are great at making your code more readable :)
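An added example (not from the issue or the cancan gem) that models why the ability above behaves differently on the two code paths: `accessible_by` turns `:id => relation` into SQL, but `can?` (which `load_and_authorize_resource` calls on the loaded record) matches the conditions hash in Ruby with `attribute == value` unless the value is an Array or Range, so `template.id == relation` is always false. Passing an Array of ids (for instance via `.pluck(:id)`) satisfies both paths. `FakeRelation`, the simplified `matches_conditions_hash?` and the sample templates are constructed stand-ins, not CanCan's real classes.

```ruby
# Constructed sample records standing in for mail_templates rows.
MailTemplate = Struct.new(:id, :mail_templatable_type)

# Stand-in for an ActiveRecord::Relation: it enumerates *records*, not ids,
# and is neither an Array nor a Range.
class FakeRelation
  include Enumerable
  def initialize(records)
    @records = records
  end
  def each(&block)
    @records.each(&block)
  end
  def pluck(attr)
    @records.map(&attr)
  end
end

# Simplified version of the rule CanCan 1.6 applies in matches_conditions_hash?
# (assumption: nested hashes and adapter overrides are left out).
def matches_conditions_hash?(subject, conditions)
  conditions.all? do |name, value|
    attribute = subject.public_send(name)
    if value.is_a?(Array) || value.is_a?(Range)
      value.include?(attribute)   # list of ids -> membership test
    else
      attribute == value          # Integer == relation -> always false
    end
  end
end

ALL_TEMPLATES = [MailTemplate.new(1, "Application"),
                 MailTemplate.new(2, "Event"),
                 MailTemplate.new(3, "Application")]
# The rows the admin's WHERE ... OR ... clause would select.
ADMIN_SCOPE = FakeRelation.new(ALL_TEMPLATES.first(2))

def can_edit_with_relation?(template)
  matches_conditions_hash?(template, id: ADMIN_SCOPE)
end

def can_edit_with_ids?(template)
  matches_conditions_hash?(template, id: ADMIN_SCOPE.pluck(:id))
end

# The fragment accessible_by would hand to the database for an Array of ids.
def accessible_where_sql(conditions)
  conditions.map { |col, ids| "#{col} IN (#{ids.join(', ')})" }.join(" AND ")
end

if __FILE__ == $0
  ALL_TEMPLATES.each do |t|
    puts "#{t.id}: relation=#{can_edit_with_relation?(t)} ids=#{can_edit_with_ids?(t)}"
  end
end
```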

xhoy commented 10 years ago

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. Since only Ryan himself has commit permissions, the CanCan project is on a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!