CanCan has_many through, specific abilities

Question

I'm currently making a project using devise and cancan.

To understand my problem i have this models :

User with some attributes and is_admin boolean to global access

Role belongs_to project and user with a specific ability for user on each project

Project has_many some others models user can edit or not (depend of it's role on the project)

So my question is how can I do this ?

Actually I have this Ability class :

class Ability
  include CanCan::Ability
  def initialize(user)
    if user
      can :read, :all                   # allow everyone to read everything
      if user.is_admin?
        can :manage, :all
      end
    end
  end
end

I need to manage role in models depend on my Project model or something else ? Thank you in advance.

Answer 1

Here's a cleaner way to organize your Ability.rb.

def initialize(user)
  user ||= User.new # Set user to blank User.new if user isn't logged in.  

  # Everyone, including guests, can read everything
  can :read, :all

  # Will only let user manage if @project.admin_id == user.id 
  can :manage, Project, admin_id: user.id 

end

Answer 2

class Ability
  include CanCan::Ability
  def initialize(user)
    if user
      can :read, :all                   # allow everyone to read everything
      if user.is_admin?
        can :manage, :all
      end
      can manage, Project do |project|
          project.users.include? user
          #projects.users return the list of the users in the the role table.
      end
    end
  end
end

You can customize it but I think it's the good way to start.