cancan

I am starting a project and i would like to be able to test everything :) And i have some problems with CanCan and devise. For exemple, I have a controller Contacts. Everybody can view and everybody (excepts banned people) can create contact. #app/controllers/contacts_controller.rb class ContactsController < ApplicationController load_and_authorize_resource def index @contact = Contact.new end def create @contact = Contact.new(params[:contact]) if @contact.save respond_to do |f| f.html { redirect_to root_path, :notice => 'Thanks'} end else respond_to do |f| f.html { render :action => :index }

I'm developing a Rails 3 app using Devise and CanCan. The app allows anonymous (not registered) users to access some of the app, and registered users to access other parts. One aspect of the app (a yoga workout app) is that users can create Yoga sequences by stringing together yoga poses, then they can play them back in a video player. I currently have all the functioning for registered users, but now want to allow anonymous users to be able to create a sequence, and play it back, but to "save" it (ie. be able to use it again on any subsequent session), they need to register. Currently, this

According to all documentation, the :read action is aliased to both :index and :show : alias_action :index, show, :to => :read However, consider the following scenario with nested resources: resources :posts resources :comments end If I define abilities like this: # ability.rb can :read, Post can :show, Comment # comments_controller.rb load_and_authorize_resource :organization, :find_by => :permalink load_and_authorize_resource :membership, :through => :organization things work as expected. However, if I change the :read action to [:index, :show]: # ability.rb can [:index, :show], Post can

I want to use CanCan to handle my permissions. My site has many different permissions levels, and most of them are context aware. For instance, Here are the relations in my 3 main models: class User < ActiveRecord::Base has_many :league_relations has_many :leagues, :through => :league_relations end class League < ActiveRecord::Base has_many :league_relations has_many :users, :through => :league_relations end class LeagueRelation < ActiveRecord::Base belongs_to :user belongs_to :league end Note, LeagueRelations is a nested resource of Leagues. What I want to do is allow a user to modify leagues

I followed this link to figure out how to have an admin approve a new user. I have an approved attribute on my User model that is a boolean. 2 problems - 1) when I'm logged in as admin and go to the edit user via the link_to "Edit", edit_user_path(user) to change approved user - the url is for the correct user but then the update action tries to update the current admin user. 2) I would prefer to have the override of the needed current password so I've put a method in the Registrations controller to do this below but get this error: error: unknown attribute 'current_password' for User. So it

Pretty much what I have mentioned in the title. I am using CanCan::Ability in my code to check permissions and abilities. It expects a current_user method to be defined. I am guessing it comes from devise (but not sure), and I wish to override it. Whats the best way to do that? It's found here in the source code. It's nothing to do with devise, though. The documentation is found above the method and describes overwriting it. current_user is implemented by devise in this eval'ed block (which, I believe is called indirectly by the devise_for(:user) in your config/routes.rb ). If you want to

I am developing a rails app and I have 2 different user's role : advanced and basic. Instead of to hide links in the basic user's views (a.i. using CanCan ) I want to manage 2 different set of views : one for the advanced user and one for basic user. Currently I am working in this way: case current_operator.op_type when 'basic' format.html { render :template => "devices/index_basc.html.erb" } when 'advanced' format.html # index.html.erb end But I dont like to specify at every action the template for the basic user ( { render :template => "devices/index_basc.html.erb" } ) I think there is some

Update: see end of post for how the specs now work now that I have my specs in spec/requests instead of spec/controllers. Still wondering how to get a valid signed in user for integration tests with my controllers. I'm working with Devise and CanCan for the first time and am having difficulty doing the most basic of integration tests whereby I'm verifying that a logged in user is...well...logged in. I have read countless posts and answers dealing with Devise and RSpec integration tests (i.e. speeding them up by accessing the session directly via https://github.com/plataformatec/devise/wiki/How

I having quite a bit of troubling getting cancan to authorize my new routes setup below: namespace :api do namespace :v1 do resources :users do resources :user_songs resources :friendships resources :plays resources :likes resources :songs I have followed what was posted here https://github.com/ryanb/cancan/wiki/Nested-Resources and tested it with the likes controller by putting this above: class Api::V1::LikesController < Api::V1::BaseController load_and_authorize_resource :user load_and_authorize_resource :like, :through => :user Using a can :access, :all in ability.rb works but anything