I am using the CanCan authorization plugin (http://github.com/ryanb/cancan) for my application and it has worked great so far. I had it set like the following:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (unsaved, so no id and no role)

    if user.role == "admin"
      can :manage, :all # admins get every action on every model
    else
      can :read, :all   # everyone else, guests included, is read-only
    end
  end
end

This allows me to designate some users Admins and only they can access write functions. Now I want to take it another step and make it so people who are not logged in at all (current_user/user_session does not exist) cannot access some controllers of the site. I know it should be some sort of elsif with the middle part of the code for the user and the final else for everyone else. However, I have not been able to figure out the best way to go about setting this up. Is anyone familiar with CanCan and has some ideas on how best to approach this type of situation?

Thanks guys, every bit helps me learn more about rails and development in general!

+1  A: 

I'm not quite familiar with CanCan, but this kind of logic belongs inside the specific controller. This is an extract of how I do it. I'm sure you get the point and can abstract it onto CanCan.

class ItemsController < ApplicationController
  before_filter :login_required
  # or if you only want to restrict it to some actions etc.
  # before_filter :login_required, :except => [:show]
  # or
  # before_filter :login_required, :only => [:edit]
end

class ApplicationController < ActionController::Base
  protected
    # Assumes current_user always returns an object that responds to
    # logged_in? (for example a guest object when nobody is signed in) and
    # that access_denied! is defined elsewhere to halt the request.
    # before_filter is the Rails 2/3 name; Rails 4+ calls it before_action.
    def login_required
      access_denied! unless current_user.logged_in?
    end
end

CanCan is for authorization, not authentication. There's a difference ;)

Nils Riedemann
Okay, thank you very much, I think I was overthinking the problem. I can still use CanCan for my more complicated Admin logic and then just use something like what you wrote for pages where I care whether someone is logged in or not. Thanks a lot!
If this answer is enough for you, you should mark your question as answered using the link to the left of my post.
Nils Riedemann
A: 

I don't know if you're still looking for the answer to this, but it's not too hard. All you need is a condition that's false for a guest user. In your else block, put something like:

can :show, Controller do |controller|
  user.id.present?
end

If the user's a guest, this will be false since it hasn't been saved, and therefore no access. If it's a logged in user, it'll be true, and so they'll get access.

yvonne
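As an added example, not from the question, either answer, or the CanCan gem itself: the three-way Ability the question asks for (admin, signed-in user, guest), with the guest decision made in an elsif on the user record rather than inside a rule block, plus a check of how CanCan treats block conditions. The `CanCan::Ability` module below is an assumed stand-in that mimics only the parts of the real API used here (`can`, `can?`, the `:read` and `:manage` aliases, and the rule that a block is evaluated only against an instance, never a class) so the file runs without the gem; the `User`, `Post` and `Profile` structs are constructed stand-ins for ActiveRecord models. The `Ability` class itself is ordinary CanCan code and can go into app/models/ability.rb with the stand-in removed.

```ruby
# Added example, not code from the original page or from CanCan.
# ASSUMPTION: this CanCan::Ability is a stand-in for the gem's module; it
# implements only what the example needs so the file runs offline.
module CanCan
  module Ability
    READ_ACTIONS = [:index, :show] # CanCan's alias for :read

    def can(action, subject, &block)
      (@rules ||= []) << [action, subject, block]
    end

    # A rule with a block applies only when an instance is checked; a
    # class-level check (authorize! :index, Post) skips the block, as in CanCan.
    def can?(action, subject)
      (@rules || []).any? do |rule_action, rule_subject, block|
        action_matches?(rule_action, action) &&
          subject_matches?(rule_subject, subject) &&
          (block.nil? || subject.is_a?(Class) || block.call(subject))
      end
    end

    private

    def action_matches?(rule_action, action)
      rule_action == :manage || rule_action == action ||
        (rule_action == :read && READ_ACTIONS.include?(action))
    end

    def subject_matches?(rule_subject, subject)
      return true if rule_subject == :all
      rule_subject == (subject.is_a?(Class) ? subject : subject.class)
    end
  end
end

# Constructed stand-in models. ActiveRecord's new_record? is true for an
# unsaved record, which is exactly what User.new gives a guest.
User = Struct.new(:id, :role) do
  def new_record?
    id.nil?
  end
end
Post    = Struct.new(:id, :author_id)
Profile = Struct.new(:id, :user_id)

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user, never saved

    if user.role == "admin"
      can :manage, :all
    elsif !user.new_record?
      # Signed-in, non-admin user: read everything, create posts, edit own posts.
      can :read, :all
      can :create, Post
      can :update, Post do |post|
        post.author_id == user.id
      end
    else
      # Guest: read-only on posts. No rule mentions Profile, so a guest
      # reaching ProfilesController is denied outright.
      can :read, Post
    end
  end
end

# Build the Ability for a user (nil = guest) and ask it one question.
def allowed?(user, action, subject)
  Ability.new(user).can?(action, subject)
end

if __FILE__ == $PROGRAM_NAME
  member = User.new(7, "member")
  admin  = User.new(1, "admin")
  own    = Post.new(1, 7)
  other  = Post.new(2, 3)

  puts "guest show Post:       #{allowed?(nil, :show, Post)}"        # true
  puts "guest index Profile:   #{allowed?(nil, :index, Profile)}"    # false
  puts "member index Profile:  #{allowed?(member, :index, Profile)}" # true
  puts "member update own:     #{allowed?(member, :update, own)}"    # true
  puts "member update other's: #{allowed?(member, :update, other)}"  # false
  puts "member update Post:    #{allowed?(member, :update, Post)}"   # true, block skipped
  puts "admin destroy other's: #{allowed?(admin, :destroy, other)}"  # true
end
```

The last member check is the caveat worth knowing before putting the guest test inside a block: CanCan only evaluates a rule's block when it is handed an instance, and a class-level `can?`/`authorize!` on a rule that has a block succeeds without running it. A controller action such as `index`, which authorizes against the class, would therefore still let a guest through if the only thing keeping guests out were a block condition, which is why the example branches on `user.new_record?` instead.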