Hi everybody,

(sorry for my English ;)

I started to use CanCan from rbates. This is an awesome gem, but I have some problems: I have a Scrap model and there is a boolean field :published (so it means published/not published (draft)).

I have this rule in my ability.rb:

can :create, [Scrap]
can [:update, :destroy], [Scrap] do |object|
  object.try(:user) == user
end

So this object can't be edited/updated/deleted by a non-author. I want to do the same with my "show" action (a non-author can't read drafts, really? ;) What is the true way to do this?

Thanks all! Andrey Ognevsky

+1  A: 
can :show, Scrap do |scrap|
  scrap.published || scrap.user == user
end
robertokl
:read means :index and :show, so users will not be able to view the :index action ;) I tried to write something like this:
can :read, :all do |object_class, object|
  object_class != "Scrap"
end
can :index, Scrap
can :show, Scrap do |scrap|
  scrap.published || scrap.user == user
end
But I think there is too much code here for one small action ;/ I believe there is a simpler way of doing this.
elf.xf
Did you try replacing :read with :show?
robertokl
Sure, it becomes the same as I wrote in my comment (there are no line breaks in comments...), but I think it's too much text for one small action ;(
elf.xf
I don't think that's too much code. You're telling CanCan exactly what you want: users can only see a scrap if the scrap is published or if the scrap owner is the currently logged-in user =)
robertokl
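
The rules this thread arrives at, exercised as an added example that is not part of the original posts: MiniAbility is a hypothetical stand-in for CanCan's can / can? DSL so it runs without Rails, the User and Scrap structs and the sample records are constructed, and the nil-user guard is an addition that assumes guests are represented by nil. It goes slightly beyond the thread by filtering a listing with the same :show rule, so drafts do not leak through :index.

```ruby
User  = Struct.new(:name)
Scrap = Struct.new(:title, :user, :published)

# Hypothetical stand-in for CanCan's can / can? DSL (not the gem itself).
class MiniAbility
  def initialize(user)
    @rules = []
    define_rules(user)
  end

  # Register a rule; without a block the rule always matches.
  def can(actions, subject, &block)
    Array(actions).each { |a| @rules << [a, subject, block] }
  end

  # True if any rule for this action and class accepts the object.
  def can?(action, object)
    @rules.any? do |a, subject, block|
      a == action && object.is_a?(subject) && (block.nil? || block.call(object))
    end
  end

  def define_rules(user)
    can :create, Scrap
    can :index, Scrap
    can [:update, :destroy], Scrap do |scrap|
      !user.nil? && scrap.user == user   # a guest (nil) never owns anything
    end
    can :show, Scrap do |scrap|
      # Without the nil guard, nil == nil would show ownerless drafts to guests.
      scrap.published || (!user.nil? && scrap.user == user)
    end
  end
end

# Constructed sample data.
ALICE  = User.new("alice")
BOB    = User.new("bob")
DRAFT  = Scrap.new("alice draft", ALICE, false)
POST   = Scrap.new("alice post", ALICE, true)
ORPHAN = Scrap.new("orphan draft", nil, false)   # owner record missing
SCRAPS = [DRAFT, POST, ORPHAN]

# Titles a viewer may see; an :index listing should apply the same filter.
def visible_titles(viewer, scraps)
  ability = MiniAbility.new(viewer)
  scraps.select { |s| ability.can?(:show, s) }.map(&:title)
end

puts visible_titles(BOB, SCRAPS).inspect
```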