
Complex Abilities, accessible_by and strange issue

Open Awea opened this issue 13 years ago • 4 comments

Hi guys,

This is my Ability.rb file:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= Manifold.new
    if user.kind_of? User
      if user.role? :super_admin
        can :manage, :all
      elsif user.role? :admin
        can [:index, :update], MailTemplate, {
          :id => MailTemplate.where('
            (
              mail_templates.mail_templatable_type LIKE "Application" AND
              mail_templates.mail_templatable_id = ?
            ) 
            OR
            (
              mail_templates.mail_templatable_type LIKE "Event" AND
              events.application_id = ?
            )
          ', user.application_id, user.application_id)
          .joins('
            LEFT JOIN events ON events.id = mail_templates.mail_templatable_id
          ')
        }
      end 
    end
  end
end

And in my Controller I'm using accessible_by(current_ability) to get MailTemplates corresponding to my current ability. It works well, but when I'm logged in as an admin user it won't let me edit my MailTemplate.

Am I doing something wrong in my Ability declaration? Or is this a real issue? ^^

Jan 23 '13 15:01 Awea

@Awea did you resolve the issue? If not, I'd be happy to help.

Mar 02 '13 11:03 alex-handley

@alex-handley no, I didn't succeed in solving it; I just commented out load_and_authorize_resource and kept accessible_by.

But I want to solve it for future usage :)

Mar 02 '13 15:03 Awea

Have you checked the 'MailTemplate.where' query to see what it returns? I don't think it would return an id.

Also take a look at https://github.com/ryanb/cancan/wiki/Defining-Abilities-with-Blocks. Blocks are great at making your code more readable :)

Mar 03 '13 22:03 alex-handley
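The per-record check that a block-based ability, as suggested in the comment above, would have to run when a single MailTemplate is authorized, written here as an added example in plain Ruby (it is not code from the thread or from CanCan). The Struct models, the `EVENTS` lookup, `admin_may_manage?` and `manageable_templates` are hypothetical stand-ins for the ActiveRecord models, and all sample records are constructed.

```ruby
# Hypothetical stand-ins for the ActiveRecord models named in the issue.
MailTemplate = Struct.new(:id, :mail_templatable_type, :mail_templatable_id)
Event        = Struct.new(:id, :application_id)

# Constructed sample data: events 10 and 11 belong to applications 1 and 2.
EVENTS = {
  10 => Event.new(10, 1),
  11 => Event.new(11, 2)
}.freeze

# Ruby equivalent of the WHERE clause in the posted Ability: a template is
# manageable when it hangs directly off the admin's application, or off an
# event that belongs to that application. Everything else is denied.
def admin_may_manage?(template, application_id, events = EVENTS)
  # SQL "= NULL" matches no row, but Ruby nil == nil is true, so an admin
  # without an application must be rejected explicitly.
  return false if application_id.nil?

  case template.mail_templatable_type
  when "Application"
    template.mail_templatable_id == application_id
  when "Event"
    event = events[template.mail_templatable_id]
    !event.nil? && event.application_id == application_id
  else
    false # unknown polymorphic type: deny by default
  end
end

# Filter a collection with the same predicate, so the list view and the
# single-record check cannot disagree.
def manageable_templates(templates, application_id, events = EVENTS)
  templates.select { |t| admin_may_manage?(t, application_id, events) }
end

# Constructed templates covering the allow and deny cases.
TEMPLATES = [
  MailTemplate.new(1, "Application", 1),  # own application
  MailTemplate.new(2, "Application", 2),  # other application
  MailTemplate.new(3, "Event", 10),       # event of own application
  MailTemplate.new(4, "Event", 11),       # event of other application
  MailTemplate.new(5, "Event", 99),       # dangling event reference
  MailTemplate.new(6, "Application", 10)  # id collides with event 10
].freeze
```

In an Ability, `admin_may_manage?(template, user.application_id)` would be the body of the block passed to `can`, using the scope-plus-block form described on the linked wiki page so that `accessible_by` keeps using the SQL relation.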

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. Since only Ryan himself has commit permissions, the CanCan project is at a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!

Jul 01 '14 07:07 xhoy