tags:

views:

210

answers:

2
+3  Q: 

CanCan gem | cannot :index, User

Very basic user model, I wish the admin user to :manage all

else cannot :index, User and some other options, but when I try and block non admin users from viewing the user index, the admin user also has not access.

this is my ability.rb

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new #guest user

    can :manage, :all if user.role == "admin" #if user.admin? can :manage, :all
    can :assign_role, User 

    else
      can :read, :all
      can :create, User


      cannot :assign_role, User
      cannot :index, User

      can [:show, :edit, :update], User do |current_user|
              user.id == current_user.id || user.role == "admin"
            end



  end
end

What can I do to stop all users being blocked from User index?

Regards

Dan

A: 

Something wrong with if-else in code.

if user.role == "admin"
  can :manage, :all
  can :assign_role, User 

else
  can :read, :all
  can :create, User


  cannot :assign_role, User
  cannot :index, User
  can [:show, :edit, :update], User do |current_user|
    user.id == current_user.id || user.role == "admin"
  end

end

And also you don't have to deny non-admin user to assign role obviously (cannot :assign_role, User).

uzzz  2010-03-03 07:06:35
Am I right in thinking the IF statement for admin stop right after the first "Can" because I didn't state with IF and started withCAN :MANAGE, :all IF USER.ROLE == "ADMIN"Anyway thank UZZZ, great help!
MrThomas  2010-03-03 11:26:53
yes, "if" statement works only for one line of code if it's situated in the end of a line
uzzz  2010-03-03 12:23:40
A: 

I got almost the same problem, maybe someone can help me!

I am using CanCan with Authlogic, i need to restric the access of the users so the current_user can only edit his own account and not somebody else account.

i used the solution presented by uzzz, but when i try to show the current_user i am always getting the current_user as nil and in my user's controller i am using authorize_resource.

Thiago Diniz  2010-09-13 19:45:42

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.