ryanb / cancan

Authorization Gem for Ruby on Rails.
MIT License
6.26k stars 782 forks source link

The accessible_by call cannot be used with a block 'can' definition #957

Open phlegx opened 11 years ago

phlegx commented 11 years ago

Using active_admin together with cancan results in an error:

The accessible_by call cannot be used with a block 'can' definition

My block description does look like the following:

can :manage, Authentication do |auth|
  auth.user_id == user.id || user.organization.include?(auth.organization)
end

It seems that cancan doesn't like accessible_by calls when the cancan definition is written in a block. Any ideas what I can do about this? Is it possible to write the block above in a non-block fashion? If yes, how?

cu

graywh commented 11 years ago

Can you construct a hash of conditions for where to select the appropriate records? If so, use that instead.

If you cannot, you will need to pass an SQL fragment.

https://github.com/ryanb/cancan/wiki/Defining-Abilities-with-Blocks

phlegx commented 11 years ago

@graywh thanks! Could you give me an example of how to use a hash of conditions for "where" with a non-block statement to select the appropriate records?

I'm trying to figure out how to construct that.

thank you!

cue232s commented 10 years ago

@phlegx did you solve this issue? If so, can you share you solution? Thanks.

twessler commented 10 years ago

You can do it, but you will have to split it into two statements. Rails doesn't do OR with hashed conditions, but cancan puts abilities together with OR. The following should work:

def initialize(user)
  user ||= User.new

  can :manage,
    Authentication,
    :user_id => user.id

 can :manage,
   Authentication,
   :organization_id => user.organization_id
end