CODEWITHSUNDEEP
ruby-on-rails-3cancan
dennismonsewicz
dennismonsewicz

Reputation: 25542

CanCan not reading ability properly

Here is my CanCan setup:

if user.college_coach?
  can :read, Coach, :id => user.id
  can :update, Coach, :id => user.id
  can :update_billing_information, Coach, :id => user.id
  can :update_account_type, Coach, :id => user.id
  can :edit_account, Coach, :id => user.id
  can :access_roster_builder, Coach, :id => user.id, :account_type => { :name => ["Recruiter", "Team", "Free"] }
  can :access, Coach, :college_dashboard
  can :access_saved_profiles, Coach, :id => user.id, :account_type => { :name => ["Team"] }
  can :access_draftboard, Coach, :id => user.id, :account_type => { :name => ["Team"] }
  can :update, Draftboard, :coach_id => user.id
  can :access_contributors, Coach, :id => user.id, :account_type => { :name => ["Team"] }
  can :access_deleted, Coach, :id => user.id, :account_type => { :name => ["Team"] }
  can :save_searches, Search, id: user.id, account_type: { name: ["Recruiter", "Team"] }
  can :read, Athlete
  can :update, Athlete
  can :update_account_type, Athlete
  can :keep, Athlete
  can :draft, Athlete
  can :share, Athlete
  can :notes, Athlete
  can :contact, Athlete
  can :cut, Athlete
  can :read, Stat
  can :view, :social_box
end

And in my view:

  <% if can?(:save_searches, Search) %>
    <input type="button" class="blk-button hide search-related" id="save-to-pdf" value="Save Results to a PDF" />
  <% end %>

Even if I change the account type of the user to a Free account type, the button still is being displayed... not sure what is causing this to not work..

Upvotes: 0

Views: 79

Answers (1)

crftr
crftr

Reputation: 8546

It looks like you have too many block conditions on the CanCan DSL. This line caught my attention:

can :save_searches, Search, id: user.id, account_type: { name: ["Recruiter", "Team"] }

# This means... grant :save_searches when
search.id == user.id && search.account_type == { name: ["Recruiter", "Team"] }

As that's likely not what you're shooting for, try moving your account verification out of the CanCan DSL and into a basic conditional statement.

if user.college_coach?
  # ...
  if ["Recruiter", "Team"].include? user.account_type.name
    can :save_searches, Search
  end
end

Upvotes: 1

Related Questions