Note for Devise / CanCan 2.0 users

[mribbons]

I had some trouble with this and couldn't find anything online so I'm just posting this one to help anyone who may come across the same problem:

Ruby 2.0 Rails 4.0.1 CanCan 2.0.0 Devise 3.2.0

Using

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  enable_authorization
end

When attempting to access sign_in resource I got this error: CanCan::Unauthorized in Devise::SessionsController#new

I had to add this to ability.rb:

can :create, %i(devise/sessions)

(Or < ruby 2) can :create :"devise/sessions"

I tried several things that didn't work:

# Note use of :access would not be secure in production
can :access :users
can :access Devise::SessionsController

Apologies if this is an inappropriate post.

Regards, Mike Ribbons

[graywh]

Instead of an issue, you could update the wiki https://github.com/ryanb/cancan/wiki/CanCan-2.0