Gagan

Reputation: 4388

cancan authorization rule

I have a cancan authorization problem.

My scenario is like this.

User has_one Student

In StudentsController I get the user and student like this:

@user = User.where(:username => params[:username]).first
@student = @user.student

Now how can I write a cancan authorization rule to edit/update the @student record so that the logged-in user can only edit his student record, provided that @user may or may not be the logged-in user? It's just the user with the username from params.

I hope the question is clear :)

Thanks

Upvotes: 0

Views: 101

Answers (1)

abhir

Reputation: 1069

Check out the wiki for CanCan:

https://github.com/ryanb/cancan/wiki/Defining-Abilities

You should be able to define that ability in the ability model by doing something like:

can :edit, Student, :user_id => user.id

Upvotes: 1
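
An added example, not part of the original answer and not the cancan gem's code: a small stand-in for a CanCan-style ability, showing that the rule compares the student's user_id with the logged-in user, so a record loaded from params[:username] for a different user is rejected. The Ability stand-in, the sample users, and the student_for and may_edit? helpers are assumptions made for illustration.

```ruby
# Minimal stand-in for a CanCan-style ability (NOT the cancan gem), so this runs offline.
User    = Struct.new(:id, :username)
Student = Struct.new(:id, :user_id)

class Ability
  # `user` is the logged-in user (current_user), never the user looked up from params.
  def initialize(user)
    @rules = []
    # CanCan's default aliases make an :update rule cover :edit as well.
    can :update, Student, user_id: user.id
  end

  def can(action, klass, conditions)
    @rules << [action, klass, conditions]
  end

  def can?(action, record)
    action = :update if action == :edit   # mirrors the default :edit alias
    @rules.any? do |a, klass, conds|
      a == action && record.is_a?(klass) &&
        conds.all? { |attr, value| record[attr] == value }
    end
  end
end

# Constructed sample data: two users, each with one student record.
USERS    = [User.new(1, "alice"), User.new(2, "bob")]
STUDENTS = [Student.new(10, 1), Student.new(20, 2)]

# Mirrors the controller lookup in the question: the record comes from params[:username].
def student_for(username)
  user = USERS.find { |u| u.username == username }
  user && STUDENTS.find { |s| s.user_id == user.id }
end

# Hypothetical helper standing in for the authorization check in StudentsController.
def may_edit?(current_user, username_param)
  student = student_for(username_param)
  return false if student.nil?            # unknown username: deny instead of raising
  Ability.new(current_user).can?(:edit, student)
end
```

The username in the URL only selects which record is loaded; the decision depends on the logged-in user passed to Ability.new.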
