cancan

When using the CanCan adapter in ActiveAdmin 0.6.0. I have a resource working and authorization is working. However, when I go to /admin , the root ActiveAdmin page, it redirects to /admin and continues this forever. If the user does not have access to a page, ActiveAdmin redirects to the Dashboard. If the user doesn't have access to the dashboard, this results in an infinite redirect. Solution is to give the user the ability to read the dashboard page. Place this in the ability model object: can :read, ActiveAdmin::Page, :name => "Dashboard" This is mentioned in the authorization adapter

I'm using devise and cancan in a Rails 3.2 project. I have an event model with a boolean flag public . If the event is marked as public => true then I want anybody, signed in or not to be able to access the record with GET /events/:id If it is marked as public => false then a series of cancan abilities will decide authorization and access to the above resource. What is the best pattern for achieving this? shingara You can do that by skip the authenticate_user! in case of you have this args skip_before_filter :authenticate_user!, :only => :show, :if => lambda { if params[:id] @event = Event

I have a standard RESTful controller that uses strong parameters. class UsersController < ApplicationController respond_to :html, :js def index @users = User.all end def show @user = User.find(params[:id]) end def new @user = User.new end def edit @user = User.find(params[:id]) end def create @user = User.new(safe_params) if @user.save redirect_to @user, notice: t('users.controller.create.success') else render :new end end def update @user = User.find(params[:id]) if @user.update_attributes(safe_params) redirect_to @user, notice: t('users.controller.update.success') else render :edit end end

I am trying to give some custom roles within spree specific permissions. Cant find this answer anywhere role_ability.rb class RoleAbility include CanCan::Ability def initialize(user) user || User.new # for guest if user.has_role? "admin" can :manage, :all elsif user.has_role? "retailer" can :manage, Product else can :read, :all end end end I thought this might be a popular idea, of letting a user with role 'manager' manage only products and other certain Models... if I change elsif user.has_role? "retailer" can :manage, Product to elsif user.has_role? "retailer" can :manage, :all It works as

How would you prevent other users from editing a object, say a profile object that does - not - belong to themselves? Most online examples are complexes with multiple user roles, i haven't been able to get this working, must be simple though: def initialize(user) can :update, Profile do |profile| profile.try(:user) == current_user end end And inside my ProfilesController#edit authorize! :update, @profile LearningRoR First question is, have you made your roles for the User ? app/models/user.rb class User < ActiveRecord::Base attr_accessible :email, :password, :remember_me devise :database

I'm using cancan and cells gems in my ruby-on-rails project. How to access can? method from within cell? Thanks. I've had to do exactly this. Try class MyCell < Cell::Rails include CanCan::ControllerAdditions end If you're also using Devise, I had to do this: class MyCell < Cell::Rails include CanCan::ControllerAdditions include Devise::Controllers::Helpers Devise::Controllers::Helpers.define_helpers(Devise::Mapping.new(:user, {})) end #define_helpers will add helper methods such as current_user and user_signed_in? to the cell. For those who happen to have a custom current_ability() method (in