CODEWITHSUNDEEP
ruby-on-railsassociationscancan
dewyze
dewyze

Reputation: 979

CanCan vs. Rails Association

I think I have gone and confused myself over the power of CanCan.

I asked a longer question here - Rails has_many :through, null belongs_to, multiple belongs_to and deletion of belongs_to?. But at the advice of one of the members, I simplified my question with what I think is my ultimately question.

In short, a User has a Role in a Network. A User can also create Events, however, what Events they can see/edit are all based on that Role. If a User loses their Role they no longer have access to an Event.

Additionally, if the User and/or Role that created the Event is removed, the Event will still exists in the Network and be visible to all Users with a high enough authority (admin, manager, etc.) in their Role.

I can use CanCan to determine if a User has access to an Event by testing their Role. That part is working fine.

But more conceptually, if I am using CanCan to control both the access to the controller actions for Events as well as whether or not the Event is even displayed in the view based on can :read, is there a need for an rails has_many :through association between Users and Events? Since technically the User is only connected to the Event through a Role in a Network, can I just leave it to CanCan to control access, or do I need an association. Would it be good to have a method like:

def events
  ... # info for grabbing all events user has access to?
end

Or is that also unnecessary?

Upvotes: 0

Views: 168

Answers (1)

Felipe Skinner
Felipe Skinner

Reputation: 16636

You dont need to use the has_many :through

Take a look at: https://github.com/ryanb/cancan/wiki/defining-abilities

You can assign different roles for the users and check permissions using what they say in the wiki I just posted

Upvotes: 1

Related Questions