Forum: Ruby on Rails cancan roles issue

Phil (Guest)
on 2013-07-02 00:24
(Received via mailing list)
Rails 3.2.11
Ruby 2


Hi,

I am building my first Rails app and decided to use Devise (2.2.4) and
CanCan (1.6.10) for auth and role management. The auth part works nicely,
but I haven't been able to get CanCan working correctly. I have one role
set up (admin). But when I try to view the users index page it redirects me
to the homepage even though I'm an admin. Any advice on where I may be
going wrong is most welcome.

Here is my code:

# app/models/ability.rb
class Ability

  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.role? :admin
      can :manage, :all
    else
      can :read, :all
    end
  end
end



# app/controllers/users_controller.rb
class UsersController < ApplicationController

  load_and_authorize_resource
  before_filter :authenticate_user!

  def index
    @users = User.all
    authorize! :manage, @users

    respond_to do |format|
      format.html
      format.json  { render :json => @users }
    end
  end
end



# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base

  protect_from_forgery

  def after_sign_in_path_for(resource)
    root_url
  end

  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_url, :alert => exception.message
  end

  def current_ability
    @current_ability ||= Ability.new(current_user)
  end

  # load the permissions for the current user so that UI can be manipulated
  def load_permissions
    @current_permissions = current_user.role.permissions.collect { |i| [i.subject_class, i.action] }
  end

end
Walter Davis (walterdavis)
on 2013-07-02 02:12
(Received via mailing list)
On Jul 1, 2013, at 6:22 PM, Phil wrote:

> # app/models/ability.rb
>     end
>
>
>
>   rescue_from CanCan::AccessDenied do |exception|
>     redirect_to root_url, :alert => exception.message
>   end
>
>   def current_ability
>     @current_ability ||= Ability.new(current_user)
>   end

This may be the problem. I have never once defined the current_ability
method, just relied on CanCan to provide it. See what happens if you
comment this out and restart your server.

Walter
Dave Kimura (kobaltz)
on 2013-07-02 10:38
(Received via mailing list)
if user.role? :admin looks strange. The .role? indicates that it is a
boolean, no?
Phillip (Guest)
on 2013-07-02 22:28
(Received via mailing list)
Thanks for the replies, I got to the bottom of the issue. I was following
this in a tutorial and had the following on my users model, which was
converting the role name to camelcase, so when I removed the ".camelize"
it let me in to the restricted pages as expected. Thanks again for the
help!

def role?(role)
  return !!self.roles.find_by_name(role.to_s.camelize)
end
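
The mismatch described in the last post, reproduced as an added example (not code from the thread): plain-Ruby stand-ins for the User model, the Ability class and ActiveSupport's camelize, so it runs without Rails, Devise or CanCan. It assumes the role is stored as lowercase "admin" and that the name lookup is case-sensitive; DemoUser, DemoAbility and can_manage? are hypothetical names.

```ruby
# Simplified stand-in for ActiveSupport's String#camelize (assumption: only
# the underscore-to-CamelCase behaviour matters for this demonstration).
def camelize(str)
  str.to_s.split('_').map(&:capitalize).join
end

# Stand-in for the User model. stored_roles plays the part of the role names
# held in the roles table (constructed sample data).
class DemoUser
  def initialize(stored_roles, camelize_lookup:)
    @stored_roles = stored_roles
    @camelize_lookup = camelize_lookup
  end

  # Mirrors role?(role) from the thread: an exact, case-sensitive name match,
  # with or without the camelize step.
  def role?(role)
    wanted = @camelize_lookup ? camelize(role) : role.to_s
    @stored_roles.include?(wanted)
  end
end

# Stand-in for Ability#initialize from the first post:
# admins get :manage, everyone else gets :read.
class DemoAbility
  def initialize(user)
    @actions = user.role?(:admin) ? [:manage] : [:read]
  end

  # As in CanCan, :manage covers every action.
  def can?(action)
    @actions.include?(:manage) || @actions.include?(action)
  end
end

# True when a user holding stored_roles would pass authorize! :manage.
def can_manage?(stored_roles, camelize_lookup:)
  user = DemoUser.new(stored_roles, camelize_lookup: camelize_lookup)
  DemoAbility.new(user).can?(:manage)
end

if __FILE__ == $PROGRAM_NAME
  puts "with .camelize:    #{can_manage?(['admin'], camelize_lookup: true)}"
  puts "without .camelize: #{can_manage?(['admin'], camelize_lookup: false)}"
  puts "no role at all:    #{can_manage?([], camelize_lookup: false)}"
end
```

Asserting both directions in a model or ability spec (an admin can manage, a user without the role cannot) catches this kind of lookup mismatch before it shows up as a redirect in a controller.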