  1. PORails CanCan Hash of Conditions Not Working
<p>I have a simple Ability.rb set up listed below:</p>
<pre><code>if user.role? :super_admin
  can :manage, :all
elsif user.role? :registered
  can :review, [Card, Deck], :visible =&gt; true
end
</code></pre>
<p>Where the <code>alias :review =&gt; :index, :list, :show, :to</code>. Both Card and Deck tables have the visible column with the boolean option. Currently every object in the tables has <code>:visible =&gt; false</code>. Therefore, I'm expecting that a user with the registered role will not be able to <code>:review</code> any of the objects, but this is not the case. Restrictions at the controller level work fine (edit and delete are not accessible), but I can't seem to restrict the viewing of resources using the hash of conditions. Any thoughts?</p>
<p>Edit: I have <code>authorize_resource</code> in the two controllers. Using Ruby 1.9.2, Rails 3.1, and CanCan 1.6.7. I'm using devise 1.4.9 for authentication. MySQL is the database.</p>
<p>Edit: Well... I figured out a way to restrict resources based on the conditions. Even though I had <code>authorize_resource</code> in all my controllers (and it worked for restricting access to the methods), I had to add <code>authorize!</code> to the methods that I wanted to restrict the resources to. For example, to restrict the show action for Decks with the condition of <code>:visible =&gt; true</code>, I had to add <code>authorize!</code> as such:</p>
<pre><code>def show
  @deck = Deck.find(params[:deck_id])
  authorize! :review, @deck
end
</code></pre>
<p>To be honest, I am not satisfied with this solution, since I don't see a reason why <code>authorize_resource</code> wouldn't work. I would love to see an explanation.</p>
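The behaviour described in the question, as an added example that is not part of the original post: `authorize_resource` runs as a before filter, before the action has assigned `@deck`, so the check is made against the `Deck` class, and CanCan does not evaluate a hash of conditions for a class subject. The code below is a simplified pure-Ruby model of that documented behaviour, not CanCan's own source; `MiniAbility`, `filter_subject` and `demo` are hypothetical names and the `Deck` struct is a constructed stand-in for the model.

```ruby
# Simplified stand-in for CanCan's rule matching (assumption: not CanCan's code).
Deck = Struct.new(:visible) # constructed sample model with one boolean column

class MiniAbility
  Rule = Struct.new(:actions, :subjects, :conditions)

  def initialize
    @rules = []
  end

  def can(action, subjects, conditions = {})
    @rules << Rule.new(Array(action), Array(subjects), conditions)
  end

  # A Class subject has no attributes, so the hash of conditions is skipped
  # for it; an instance is compared attribute by attribute.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule|
      next false unless rule.actions.include?(action) && rule.subjects.include?(klass)
      next true if subject.is_a?(Class)
      rule.conditions.all? { |attr, value| subject.public_send(attr) == value }
    end
  end
end

# What a before filter can hand to the check: the loaded record if the
# instance variable is already set, otherwise only the model class.
def filter_subject(instance, klass)
  instance || klass
end

def demo
  ability = MiniAbility.new
  ability.can :review, [Deck], visible: true # the "registered" rule from the question
  hidden = Deck.new(false)                   # a record with visible = false
  {
    authorize_resource_only: ability.can?(:review, filter_subject(nil, Deck)),
    load_and_authorize:      ability.can?(:review, filter_subject(hidden, Deck)),
    explicit_authorize:      ability.can?(:review, hidden)
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

In CanCan itself, `load_and_authorize_resource` loads the record in the filter before authorizing, so the instance rather than the class reaches the check.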
 
