cancan

You can get the current_user 's permissions from a view or controller using can? in this fashion: <% if can? :update, @article %> <%= link_to "Edit", edit_article_path(@article) %> <% end %> How can I access this functionality from a model using this syntax: user.can?(:update, @article) There's a wiki entry at github for this: http://wiki.github.com/ryanb/cancan/ability-for-other-users You need to change your User model like this: class User < ActiveRecord::Base def ability @ability ||= Ability.new(self) end delegate :can?, :cannot?, :to => :ability end Then you can check abilities like this:

If I have a Devise model User, of which only those users with role :admin are allowed to view a certain url, how can I write an RSpec integration test to check that the status returns 200 for that url? def login(user) post user_session_path, :email => user.email, :password => 'password' end This was pseudo-suggested in the answer to this question: Stubbing authentication in request spec , but I can't for the life of me get it to work with devise. CanCan is receiving a nil User when checking Ability, which doesn't have the correct permissions, naturally. There's no access to the controller in

I'm working on a project management app, and in the app, I have project_managers and clients . I'm using Devise and CanCan for authentication/authorization. At what point after login should I be redirecting the user to their own specific controller/layout/views? Is there a way to check for current_user.role in routes.rb and set the root (or redirect) based on whether or not they're a project manager or a client? Is this a change I can make in Devise somewhere? Thanks in advance for any help! --Mark vonconrad Your routes.rb file won't have any idea what role the user has, so you won't be able