CanCan and controllers without models

Question

I'm using CanCan for authorization. I define the model-action-user rules in /app/config/ability.rb and it's working fine. I've added the line load_and_authorize_resource to my application_controller, and everything's done.

However, I also have numerous views and controllers that don't have a model underneath. For example, trying to load a statistics page gives

NameError (uninitialized constant Statistic):
  activesupport (3.2.3) lib/active_support/inflector/methods.rb:229:in `block in constantize'
  activesupport (3.2.3) lib/active_support/inflector/methods.rb:228:in `each'
  activesupport (3.2.3) lib/active_support/inflector/methods.rb:228:in `constantize'
  ...

Is there some way for CanCan to work with the controller+action instead of model+action?

score 39 · Accepted Answer · answered Jun 29 '12 at 09:57

39

Use authorize_resource :class => false in your controller. CanCan will automatically check for abilities on the name of the controller (as a symbol, singular, eg :statistic for the StatisticsController)

See https://github.com/ryanb/cancan/wiki/Non-RESTful-Controllers

answered Jun 29 '12 at 09:57

tight

823
6
11

If you are using load_and_authorize_resource method, no need to mention class => false.cancan will check and find it out as default. – Madhan Ayyasamy Nov 21 '13 at 09:25
3

@MadhanAyyasamy I dont think so – Nithin Jun 11 '14 at 12:54
@MadhanAyyasamy load_and_authorize_resource breaks if you don't tell it that there's no model for that controller... – Leonardo Lourenço Feb 03 '15 at 21:16
1

Thank you for this. Couldn't find anything in their documentation that mentions passing the controller as a singular symbol in ability.rb. – kaydanzie Jun 24 '19 at 23:26
Didn't work for me. Maybe because my controller already was singlular (home). – stevec Oct 14 '20 at 10:57
What about namespaced controllers? E.g. Users::SessionsController? – Blaine Lafreniere Oct 27 '20 at 17:08

score 5 · Answer 2 · edited Jun 20 '20 at 09:12

5

You can especify the controller within the ability.rb file:

ability.rb:

can :read, StatisticsController # ability.rb

StatisticsController:

class StatisticsController < ApplicationController

  def read
    authorize! :read, current_user 
  end
end

edited Jun 20 '20 at 09:12

Community

1
1

answered May 28 '19 at 17:09

bragamat

101
1
3

score 2 · Answer 3 · answered Oct 26 '21 at 19:59

None of the other answers worked for me but the following did:

can :read, :statistics # ability.rb

Then, in the controller you can either use

class StatisticsController < ApplicationController
  authorize_resource class: false
end

which will call authorize! :<action>, :statistics for you, or you can do it per action explicitly:

class StatisticsController < ApplicationController
  def index
    authorize! :read, :statistics
  end
end

score -1 · Answer 4 · answered Jan 13 '18 at 13:41

-1

you can use this gem cancacan "https://github.com/piedoom/cancancan" where the persons is finding update the gem cancan to the version of rails new

answered Jan 13 '18 at 13:41

perrukozsh

34
1
6

CanCan and controllers without models

4 Answers4

ability.rb:

StatisticsController:

Linked