Reputation: 6787
I need to add a filter on users. A user can see other users only if the user belongs to the same branch. One user can belong to multiple branches.
I am defining the ability with the blocks below. But after referring to the documentation and facing an error, I got to know that the index method doesn't fit well with defining the ability with a block.
    # This code is part of the initialisation method of ability.rb
    can :index, User do |curr_user|
      # check if user belongs to same branch
      !curr_user.branch_ids.index(branch_id).nil?
    end
Here is the index method of the users controller:
    def index
      authorize! :index, User
      @users = User.where(params[:user]).accessible_by(current_ability, :index)
      renders :obj => @users
    end
What is an alternative way to define abilities to implement this logic, in place of defining abilities with blocks?
Upvotes: 1
Views: 1574
Reputation: 66
accessible_by is like a where for AR...
You should use a hash of conditions rather than a block to define your ability; see Defining-Abilities.
Something like ...
    def initialize(user)
      # A hash of conditions (unlike a block) can be turned into a query by accessible_by
      conditions = { branch_id: user.branch_id }
      can :read, User, conditions
    end
I suggest you first spike the correct conditions in an irb console:
    user = User.first
    User.where(branch_id: user.branch_id)
Then you might want a test
Upvotes: 1
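To make the difference between the two definitions concrete, here is an added example (not from either post, and not CanCan's own code): a plain-Ruby toy model in which a hash of conditions works both as a per-record check and as a collection filter for users with several branches, while a block rule can only check one record. `ToyAbility`, `USERS` and `visible_ids` are hypothetical names, and the sample users are constructed.

```ruby
# Toy model (an assumption for illustration, not CanCan's implementation).
User = Struct.new(:id, :branch_ids) # constructed stand-in for the User model

class ToyAbility
  Rule = Struct.new(:action, :conditions, :block)

  def initialize
    @rules = []
  end

  def can(action, conditions = nil, &block)
    @rules << Rule.new(action, conditions, block)
  end

  # Per-record check: works for hash rules and block rules alike.
  def can?(action, record)
    @rules.any? do |r|
      next false unless r.action == action
      r.block ? r.block.call(record) : matches?(r.conditions, record)
    end
  end

  # Collection filter: a block is opaque code, so it cannot be applied as
  # a filter on the whole set; only declarative hash conditions can.
  def accessible(action, records)
    rules = @rules.select { |r| r.action == action }
    raise ArgumentError, "block rule cannot filter a collection" if rules.any?(&:block)
    records.select { |rec| rules.any? { |r| matches?(r.conditions, rec) } }
  end

  private

  # An array value means "overlaps with", like an SQL IN over a join table.
  def matches?(conditions, record)
    (conditions || {}).all? { |attr, wanted| (Array(record[attr]) & Array(wanted)).any? }
  end
end

# Constructed sample data: user 1 is in two branches.
USERS = [User.new(1, [10, 20]), User.new(2, [20]), User.new(3, [30])].freeze

# Ids of the users that current_user may list: those sharing any branch.
def visible_ids(current_user)
  ability = ToyAbility.new
  ability.can(:index, { branch_ids: current_user.branch_ids })
  ability.accessible(:index, USERS).map(&:id)
end
```
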