Hello All,
Does cancan works without fetching roles data from db?
Can we give permissions accordingly?
Can we configure those roles like enum classes in java or in any config
file?
Thanks
On Oct 5, 2012, at 7:46 AM, Avi wrote:
Hello All,
Does cancan works without fetching roles data from db?
Can we give permissions accordingly?
Can we configure those roles like enum classes in java or in any config file?
The default setup (all I’ve ever done) is to configure the various roles
in the ability.rb class file. If you look at the documentation or the
RailsCast, that’s what they start with. As far as looking up the current
user to determine what role that user has, CanCan assumes you’re using
some authentication, which probably means looking up the user from the
database, and that the authentication creates a current_user method that
returns an object representing that authenticated user. CanCan doesn’t
get into the business of creating that current_user, though.
Walter
Thanks for the reply.
How cancan can be used for restricting the methods in controllers which
has
no models ?
On Mon, Oct 8, 2012 at 6:59 AM, Walter Lee D. [email protected]
wrote:
By dealing with the model that represents current_user or its local equivalent.
The controller in question does not have to be the UsersController by any means,
as long as you have authenticated at some point, and have a current_user somewhere
in your application. Lots more here:
Authorizing controller actions · ryanb/cancan Wiki · GitHub
You don’t really need to authenticate since you can blanket deny based
on new user.
On Oct 8, 2012, at 3:32 AM, Avi wrote:
Thanks for the reply.
How cancan can be used for restricting the methods in controllers which has no
models ?
By dealing with the model that represents current_user or its local
equivalent. The controller in question does not have to be the
UsersController by any means, as long as you have authenticated at some
point, and have a current_user somewhere in your application. Lots more
here:
Walter