almo
Reputation: 6387
CanCanCan for custom controllers with not models
I know how to restrict access for RESTful applications with CanCan in Rails 5.
Some of my actions and controllers are not RESTful.
For example I have a report_controller with a user_report method. There is no model directly linked to this controller/action.
class ReportController < ApplicationController
load_and_authorize_resource
def user_report
end
end
How can I define an ability in my ability.rb file to restrict access to this action?
Upvotes: 4
Views: 2112
Answers (1)
Sean Huber
Reputation: 3985
In ability.rb define a custom ability like this:
can :view_reports, MyClass
In your user_report action, manually authorize against that ability:
def user_report
authorize! :view_reports, MyClass
# ...
end
Also, remove load_and_authorize_resource from ReportController since you are invoking authorize! directly.
Upvotes: 0
Related Questions
- Adding a Controller without corresponding model while using cancancan
- CanCan and controllers without models
- Rails CanCanCan ability issue with model-less controller
- Rails rspec test for controller cancan abilities
- Using cancan with gems controllers
- Cancan on a no model controller
- Rails cancan gem for not restfull controller
- Cancan: trying to restrict access to Controller with no Model of the same name
- Rails, CanCan and controllers
- CanCan can? works with :all or different model