Reputation: 311
how set the permissions for cancan gem?
please help solve the problem. i try set the permissions after install 'cancan' and 'cancancan' gems.
schema.rb:
create_table "roles", force: :cascade do |t|
t.string "name"
end
create_table "roles_users", id: false, force: :cascade do |t|
t.integer "role_id"
t.integer "user_id"
end
create_table "users", force: :cascade do |t|
t.string "email", default: "", null: false
................................................................
t.datetime "created_at"
t.datetime "updated_at"
end
models:
class User < ActiveRecord::Base
has_and_belongs_to_many :roles
def role?(role)
return !!self.roles.find_by_name(role.to_s.camelize)
end
end
class Role < ActiveRecord::Base
has_and_belongs_to_many :users
end
app/models/ability.rb:
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
if user.role? :admin
can :manage, :all
elsif user.role? :manager
can :manage, :review
cannot :manage, :user
elsif user.role? :user
cannot :manage, :all
end
end
end
i filled my roles table follow values:
id name
0 user
1 manager
2 admin
i filled my join table 'roles_users' follow values:
role_id user_id
2 2
1 3
0 1
but after run application permissions is no effect. the problem is that managers can change info for all users. it is not right. please help to fix it
ps:
my user controller:
class UserController < ApplicationController
load_and_authorize_resource
end
after manager change info about user via adminpanel, console output follow:
Started GET "/admin/users/1" for 127.0.0.1 at 2015-09-19 20:53:47 +0300
Processing by Admin::UsersController#show as HTML
Parameters: {"id"=>"1"}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT 1 [["id", 3]]
(0.1ms) SELECT COUNT(*) FROM "active_admin_comments" WHERE "active_admin_comments"."resource_type" = ? AND "active_admin_comments"."resource_id" = ? AND "active_admin_comments"."namespace" = ? [["resource_type", "User"], ["resource_id", "1"], ["namespace", "admin"]]
CACHE (0.0ms) SELECT COUNT(*) FROM "active_admin_comments" WHERE "active_admin_comments"."resource_type" = ? AND "active_admin_comments"."resource_id" = ? AND "active_admin_comments"."namespace" = ? [["resource_type", "User"], ["resource_id", "1"], ["namespace", "admin"]]
Rendered /home/kalinin/.rvm/gems/ruby-2.0.0-p598/bundler/gems/activeadmin-893b46c6530c/app/views/active_admin/resource/show.html.arb (316.7ms)
Completed 200 OK in 321ms (Views: 318.9ms | ActiveRecord: 0.3ms)
Upvotes: 0
Views: 936
Answers (1)
Reputation: 7482
You don't need that .camelize call in your role? method, since all your roles in db are stored in lower-case (manager) and not in camelCase (ManagerOfTheApplication).
It seems your Admin::UsersController is located in active_admin. Try to enable active_admin and can_can integration:
config.authorization_adapter = ActiveAdmin::CanCanAdapter
Look into the link above on the details.
Upvotes: 1
Related Questions
- Cancancan - Access denied in Rails Admin
- Unable to configure cancancan with active_admin in rails
- Unable to configure cancancan in Rails
- Need help to configure CanCanCan for activeadmin
- rails cancancan gem how to limit permission
- How do I setup my CanCanCan permissions correctly?
- ActiveAdmin, CanCan: privelegies
- Cancan user permission?
- Cancan permission
- How do you give a user permission with CanCan