CanCan Authorization Help

Gem CanCan


#1 RyanHMaas




Posted 06 December 2013 - 12:35 AM

Hi all,


I'm new here and somewhat new to Rails. I'm definitely new to CanCan, however, and I need some help with authentication. This application also uses Devise, if that changes anything. I would like my user to be able to read, update, or destroy only forms that they own. In my ability.rb class, I have it set up as the following currently, given that the form does have a user reference:

can [:read, :update, :destroy], Form, :user_id => user.id

In my controller, I have called load_and_authorize_resource. I have also tried to restrict access in the view layer by the following (this is one example; I have done the same with the other actions):

<% if can? :destroy, Form %>
  <td><%= link_to 'Destroy', form, method: :delete, data: { confirm: 'Are you sure?' } %></td>
<% end %>

but I am aware that this will return true since it is calling the can? method upon the class itself. How do I go about actually restricting access? In other words, my current view lists two forms: one belongs to the current user, the other does not. How do I get it to allow access to the form he/she possesses?


Thanks and sorry for the long post!
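An added example, not part of the original post and not CanCan's own code: a simplified stand-in for the rule matching, showing why the check against the class `Form` passes for everyone while a check against the record (`can? :destroy, form` in the view) honours the `:user_id` condition. `MiniAbility`, `destroy_links_for` and the sample records are hypothetical names and constructed data.

```ruby
# Simplified stand-in for CanCan's rule matching (not the gem's code): a
# class subject matches on type only, an instance must also satisfy the
# hash conditions.
User = Struct.new(:id)
Form = Struct.new(:id, :user_id)   # constructed sample model

class MiniAbility                  # hypothetical name
  def initialize(user)
    @rules = []
    # The rule from the post's ability.rb
    can [:read, :update, :destroy], Form, :user_id => user.id
  end

  def can(actions, klass, conditions = {})
    @rules << { actions: Array(actions), klass: klass, conditions: conditions }
  end

  def can?(action, subject)
    @rules.any? do |rule|
      next false unless rule[:actions].include?(action)
      if subject.is_a?(Class)
        # Class check: conditions are ignored, so this only answers
        # "may this user destroy *some* Form?"
        subject <= rule[:klass]
      else
        subject.is_a?(rule[:klass]) &&
          rule[:conditions].all? { |attr, value| subject.public_send(attr) == value }
      end
    end
  end
end

# What the view should do: ask about each record, not the class.
def destroy_links_for(ability, forms)
  forms.select { |form| ability.can?(:destroy, form) }.map(&:id)
end

current_user = User.new(1)
ability = MiniAbility.new(current_user)
forms = [Form.new(10, 1), Form.new(11, 2)]  # one owned, one not

puts ability.can?(:destroy, Form)       # class check
puts ability.can?(:destroy, forms[1])   # instance check on someone else's form
puts destroy_links_for(ability, forms).inspect
```

Hiding the link only changes what is rendered. With load_and_authorize_resource in the controller, the loaded record is still checked against the same rule when the request arrives.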
