Geek Answers Handbook

Access to CanCan Application Basic Rules from Rails 3.1

I am trying to use a Forem gem, which typically uses the CanCan authorization system, as well as my main application. Both the main application and the Rails Engine have their own .rb ability files .

The problem occurs in the layout when I try to perform some authorization checks:

    <% if can? :update, User %>
        <%= link_to_current_user :content_method => :login %>.
    <% else %>

When I use the layout file in the engine, it asks it for its own .rb capabilities file for authorization. Naturally, there are no rules from my main application, so authorization fails when it shouldn't. Is there any way to make me move to the "main" CanCan?

Thank.

+5
source share
3 answers

I think the easiest solution would be to define a forem for monkey-patch to add your own declarations:

class Forem::Ability
  alias_method :orig_init, :initialize
  def initialize(user)
    orig_init(user)

    # Put your own authorization code here.
  end
end

class Ability < Forem::Ability; end

If in the context of the engine, the method can?should use a controller / namespace to authorize actions ( Forem::Ability), when your own controller is used in your own application context and there is no namespace to do the same.

So I think this solution here (which will add all the authorization actions to both Ability, and to Forem::Ability, should solve your problem.

UPDATE: I now understand that the engine controller method current_abilityprobably reads something like:

def current_ability
  @current_ability ||= Forem::Ability.new(current_user)
end

And your (by default from cancan stone) reads something like:

def current_ability
  @current_ability ||= Ability.new(current_user)
end

, , , , , .

+4

, , - , . ..

0

, .

, , cancan/wiki/admin-namespace, , , .

:

# in models/admin_ability.rb

class AdminAbility
  include CanCan::Ability

  def initialize(user)
    # define admin abilities here ....
  end
end


def current_ability
   @current_ability ||= AdminAbility.new(current_user)
end

, .

0

More articles:


All Articles