cancan

I've been using the two awesome gems, state_machine and cancan recently in my rails application but I'm curious as to the best way to integrate them cleanly. Currently I've placed state transitions on buttons that go on actions authorized by the controller. This works perfectly, I can restrict who can perform that action. I would like to give the user the ability to change the objects state in the edit form as well. I've noticed that state_machine will pick up on the state_event key in the hash, with the value of the action to perform (so it will go through all of state_machines callbacks).

Is it possible to define abilities in separate file and include them in ability.rb file inside initialize method ? belowed code returns: tried and got: undefined method 'can' ability.rb def initialize(user) include MyExtension::Something::CustomAbilities ... end lib/my_extension/something.rb module MyExtension::Something module CustomAbilities can :do_it, Project do |project| check_something_here and return true or false... end end end perfect solution, if possible, would be to extend class Ability with Ability.send :include/extend, so without explicit include in initialize method Just Include

I'm trying to find a solution to a rails design that isn't all that obvious to me. A friend who is very good with this stuff has given me his take on it, but I wondered if there is a rails pattern - the knowledge I'm missing is how rails creates the relationship… I have a problem space like this. Users can perform more than one role at more than one organisation. So for example, a user can be both a "Standard User" and an "Power User" at Organisation 1, but an "Admin" at Organisation 2. I'm using Devise and CanCan. I have a Users table, Roles and an Organisations table and a roles_users table

I'm quite new to this and I'm using cancan + devise for my user auth. However I'm not really sure what it means to set up a typical users HABTM roles relationship nor do I really understand what a HABTM relationship is. Can anyone explain it really well or point me to a good tutorial or example? HABTM means has and belongs to many. You basically need a table as a middle man to track multiple id's (called a through table). When referenced as a typical users HABTM roles relationship, they really mean there would be a User model, Role model, users table, roles table, and a roles_users table. Don

I have a Post model with a :published attribute ( boolean ) and a User model with a role attribute ( string ). There are three roles: ROLES = %w[admin publisher author] I don't want users whose role is author to be capable of setting, or editing , the :published field on the Post model. I'm using CanCan (and RailsAdmin gem) and my simplified Ability.rb file looks like this: class Ability include CanCan::Ability def initialize(user) user ||= User.new if user.role? :admin can :manage, :all elsif user.role? :publisher can :manage, Post elsif user.role? :author # I want to prevent these guys from

I am writing a rails application for an organization. Every user may have 1 or more roles and can only access certain controller actions depending on those roles. For example, only admins can create, destroy and update certain fields of User s. Also, there are Team s which each have a team leader , and only the team leader can update certain information about the Team (like the member list, for example). However, Admins are the one who assign the team leader in the first place. The specific details of my scenario are not important, I merely hope I described the situation where there are many

What exactly is happening when I do: @patient.course_enrollments.accessible_by(current_ability) What seems to happen is I get course_enrollments where course.client_id = user.client.id , I just don't understand how accessible_by works. # ability.rb can :manage, CourseEnrollment, :course => {:client_id => user.client.id} accessible_by gives you a scope that includes only those records which you'd be able to access given the current_ability . Since you stated that the :manage ability on CourseEnrollment is filtered by courses owned by the current user, the accessible_by call will add in that