Questions tagged [cancancan]

Continuation of CanCan, the authorization Gem for Ruby on Rails.

As stated on the project webpage:

CanCanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries.

453 questions
15
votes
1 answer

Rolify Table Error (user.add_role :admin Unknown Key Error)

I'm attempting to set up the rolify gem and I'm running into an issue assigning a role to a user in the console. Here's my error: 2.2.1 :007 > user.add_role :admin ArgumentError: Unknown key: :optional. I'm running devise with cancancan and rolify.…
John Gerard
12
votes
2 answers

CanCanCan throws a regular Rails error on an exception rather than a flash message like I specified

I am using CanCanCan, Devise & Rolify. My ApplicationController looks like this: class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. …
marcamillion
9
votes
2 answers

rails_admin with cancan not catching access denied exception for redirect

I am using rails 5, rails_admin, devise and cancancan. Everything works correctly, but when there is access denied, it shows a 'You are not authorized to access this page' error screen. I want to redirect to root_path, I've been searching and I only…
user6945851
7
votes
0 answers

How to resolve record not found error using cancan load_and_authorize_resource :product , :through => :current_user

I have a controller where I have load_and_authorize_resource :product ,:through => :current_user ... def set_user_product @user_product = User::Product.find_by_id(params[:id]) end My ability.rb file contain can :edit, User::Product do…
Braham Shakti
6
votes
1 answer

How do I specify an ability for a route created by a Rails engine?

I am using Trestle Admin, this is my route: trestle_path /admin Trestle::Engine When a user that is not an admin visits the /admin route, I would like CanCanCan to handle it like it handles all of the other unauthorized requests in…
marcamillion
6
votes
3 answers

cancancan authorize_resource not working as expected

I am getting an unexpected behaviour for a simple cancancan authorization. ability.rb class Ability include CanCan::Ability def initialize(user) # Define abilities for the passed in user here. For example: # user ||= User.new #…
6
votes
3 answers

How do I specify a custom exception message from my ability.rb?

In my ability.rb, I have the following rule: elsif user.has_role? :demo can :read, Profile, demo_featured: true, demo_linked: true, message: "To access this profile, please subscribe here." But that doesn't produce the message I want. How do I…
marcamillion
6
votes
4 answers

How do I setup my CanCanCan permissions correctly?

I am a little confused about how to configure CanCanCan properly. For starters, do I have to add load_and_authorize_resource to every controller resource I want to restrict access to? This is what I would like to do: Admin can manage and access all…
marcamillion
5
votes
4 answers

How to check cancan permission on ActiveAdmin custom page?

I've the following Ability: can :manage, ActiveAdmin::Page, name: 'My Page' And it is working fine, but I want to check if the user has the ability to manage this ActiveAdmin::Page in different pages. So, when I used the following: can? :manage,…
5
votes
1 answer

controller test: <302: Found> redirect to

I have a problem with unit testing in ruby on rails (rails v. 5.001). I use devise and cancancan for authorization. The user needs to login in a test unit, but how can I implement this without redirecting to http://www.example.com/users/sign_in?…
Peter
5
votes
3 answers

How to use cancancan?

I want to give rights to users in my rails app. I have 'admin' who can create, update and delete all posts and comments, 'user' who can create and update only his own comments, and 'guest' who can do none of these. For this I use the gems 'devise'…
vveare138
5
votes
2 answers

ActiveAdmin + CanCanCan errors with : protected method `authorize!' called for

I'm having some trouble getting ActiveAdmin to work with CanCanCan. I'm using CanCanCan version 1.9.2 and ActiveAdmin version 1.0.0.pre in a Rails 4 app. After setting up my ability class and enabling authorization checks in the rest of my app by…
732
4
votes
1 answer

Rails / Cancan - load resources through association

I have these models: Company has_many :users has_many :accounts User belongs_to :company Account belongs_to :company Users should have access to certain resources through their company, and I'd like to implicitly load those with…
kid_drew
4
votes
1 answer

CanCanCan show only instance of model that user belongs to

I'm currently using Devise, CanCan, and Rolify to handle authentication and authorization for my rails app and I'm having a really hard time understanding how to make it so that a user can only :show and :update a specific instance of a model that…
cdouble.bhuck
4
votes
3 answers

Where does CanCanCan define flash "%{subject}", and how to modify to be consistent with Rails localization conventions?

CanCanCan displays localised flash messages if a resource is not authorised. https://github.com/CanCanCommunity/cancancan/wiki/Translations-(i18n) # en.yml en: unauthorized: manage: all: "You do not have access to %{action}…
Andy Harvey