Alpha Beta Charlie

Reputation: 841

Cancan nested_routes restrict access to :index

I have some problems with CanCan and nested routes.

I have these routes:

resources :companies do
   resources :projects
end

I have no problem with the abilities for the Company model, but for the Project model I want to deny access to Project#index if they are not an admin of the company.

The following code works:

can :show, Company do |company|
   if user.admins.include?(company) #check if the user is admin of the company
      can :index, Schedule, :company_id => company.id
   end
end 

But how can I do:

can? :index, Project

I tried renaming the method like this:

can :index_projects, Company do |company|
   if user.admins.include?(company) #check if the user is admin of the company
      can :index, Schedule, :company_id => company.id
   end
end

and using:

can? :index_projects, @company

But it doesn't work. Do you know how to do it?

Thanks.

Upvotes: 2

Views: 1398

Answers (1)

jbmeerkat

Reputation: 335

You need to use something like this in your ProjectsController:

class ProjectsController < ApplicationController
  def index
    authorize! :index, Ability
    @projects = Project.order(:created_at)
  end
end

and when you try to access Projects#index, CanCan will check abilities and deny or allow access according to the user's abilities.

Proof link: https://github.com/ryanb/cancan/issues/209#issuecomment-609043

Hope this is what you need =]

Upvotes: 3
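Added example (not from the question or the answer, and not the cancan gem's code): a small plain-Ruby stand-in for a CanCan-style ability, showing a per-company :index rule on Project and why the check for a nested index should be made against a project tied to the parent company rather than the bare Project class. `MiniAbility`, `may_index_projects?`, `visible_projects` and the Struct models are hypothetical names constructed for this illustration; the class-level check is modeled on CanCan's documented behaviour of ignoring conditions when the subject is a class.

```ruby
# Constructed models standing in for ActiveRecord classes (assumption).
Company = Struct.new(:id)
Project = Struct.new(:id, :company_id)
User    = Struct.new(:id, :admin_company_ids)

# Hypothetical, simplified ability class in the style of CanCan.
class MiniAbility
  def initialize(user)
    @rules = []
    # One rule per administered company: index only that company's projects.
    user.admin_company_ids.each do |cid|
      can :index, Project, company_id: cid
    end
  end

  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  # Class subject: true if any rule names this action and class, because
  # conditions cannot be evaluated without an instance.
  # Instance subject: every condition must match the instance's attributes.
  def can?(action, subject)
    @rules.any? do |act, klass, conds|
      next false unless act == action
      if subject.is_a?(Class)
        subject == klass
      else
        subject.is_a?(klass) && conds.all? { |k, v| subject[k] == v }
      end
    end
  end
end

# Authorize Projects#index for one parent company by asking about a project
# that belongs to it, so the company_id condition is actually checked.
def may_index_projects?(ability, company)
  ability.can?(:index, Project.new(nil, company.id))
end

# Scope the listing through the parent so other companies' rows are never returned.
def visible_projects(ability, company, all_projects)
  return [] unless may_index_projects?(ability, company)
  all_projects.select { |p| p.company_id == company.id }
end
```

With this shape, an admin of one company passes the class-level check for every company's nested index, while the instance-level check and the parent-scoped listing restrict them to the company they administer.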
