Reputation: 53
I am using the cancan gem for authorization. I have defined an ability.rb module to initialize roles and their permissions for different modules.
```ruby
def initialize(user)
  user ||= User.new # guest user (not logged in)
  members = user.members
  members.each do |member|
    role = member.role
    if role.presence
      permissions = role.permissions
      permissions.each do |permission|
        actions = Array.new
        actions = permission.activity_name.split(",") if permission.activity_name.presence
        app_module = permission.application_module
        actions.each do |action|
          if app_module.module_name == "Project"
            Rails.logger.debug "in if"
            can action.downcase.to_sym, app_module.module_name.constantize, :id => member.project_id if action.presence
          elsif app_module.module_name == "Sequence"
            Rails.logger.debug "in sequence and project id is #{member.project_id} and action is #{action}"
            can action.downcase.to_sym, app_module.module_name.constantize, :project_id => 0..1 if action.presence
          else
            Rails.logger.debug "Module name is #{app_module.module_name}"
            can action.downcase.to_sym, app_module.module_name.constantize if action.presence
          end
        end
      end
    end
  end
end
```
Here a user is assigned a project, and a project has many sequences. If a user is assigned the project with id 1, then I have to fetch only those sequences whose project id is 1.
In the controller I have written:
`load_and_authorize_resource`
The permissions for the project controller are properly fetched, but for the sequence controller, even if I pass the project id, it is not restricting access to other projects.
Can anyone please help me?
Upvotes: 0
Views: 1337
Reputation: 13354
Conditional abilities would be in your `ability.rb` file.
You would do something like this in your `ability.rb` file:
```ruby
can [:<actions>], Sequence do |sequence|
  sequence.project.user_id == user.id
end
```
Upvotes: 2
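The difference between the fixed `0..1` range in the question's Sequence rule and a condition taken from each member's `project_id`, as an added example that is not part of the original posts. It uses a small stand-in for hash-condition matching rather than the cancan gem itself; `MiniAbility`, `build_ability`, `Member` and the sample records are hypothetical and constructed for illustration.

```ruby
# Minimal stand-in for CanCan-style hash-condition matching (not the cancan gem).
Sequence = Struct.new(:id, :project_id)
Member = Struct.new(:project_id, :actions)

class MiniAbility
  def initialize
    @rules = []
  end

  # Register a rule: an action, a subject class, and attribute conditions.
  def can(action, subject_class, conditions = {})
    @rules << { action: action, subject: subject_class, conditions: conditions }
  end

  # True when any rule covers this action on this record.
  def can?(action, record)
    @rules.any? do |rule|
      rule[:action] == action && record.is_a?(rule[:subject]) &&
        rule[:conditions].all? { |attr, expected| matches?(record.public_send(attr), expected) }
    end
  end

  # Filter a collection down to permitted records, as an index action should.
  def accessible(action, records)
    records.select { |record| can?(action, record) }
  end

  private

  # A Range or Array matches by membership; any other value by equality.
  def matches?(actual, expected)
    (expected.is_a?(Range) || expected.is_a?(Array)) ? expected.include?(actual) : actual == expected
  end
end

# Build Sequence rules for each member; the block supplies the project_id condition.
def build_ability(members)
  ability = MiniAbility.new
  members.each { |m| m.actions.each { |a| ability.can(a, Sequence, project_id: yield(m)) } }
  ability
end

# Constructed sample data: two sequences in project 1, one in project 2.
SEQUENCES = [Sequence.new(10, 1), Sequence.new(11, 1), Sequence.new(20, 2)].freeze
MEMBERS_OF_PROJECT_2 = [Member.new(2, [:read])].freeze

# Fixed range, identical for every user, versus the member's own project.
FIXED = build_ability(MEMBERS_OF_PROJECT_2) { |_m| 0..1 }
SCOPED = build_ability(MEMBERS_OF_PROJECT_2) { |m| m.project_id }
```

With the fixed range, a member of project 2 is granted the project 1 sequences and denied their own; with the scoped condition only sequence 20 is permitted.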