Some problems with CanCan

views:

answers:

Some problems with CanCan

Hi everybody,

(sorry for my English ;)

I started to use CanCan from rbates, this is awesome gem, but I have some problems: I have Scrap model and there is boolean field :published (so, it means published/not published (draft)).

I have this rule in my ability.rb:

can :create, [Scrap]
can [:update, :destroy], [Scrap] do |object|
  object.try(:user) == user
end

So, this object cant be edited/updated/deleted by non-author. I want to do the same with my "show" action (non-author cant read drafts, really? ;) What is the true way to do this?

Thanx all! Andrey Ognevsky

+1 A:

can :show, Scrap do |scrap|
  scrap.published || scrap.user == user
end

robertokl 2010-07-06 18:39:10

:read means :index and :show, so users will not be able to view :index action;)i tried to write smth like this:can :read, :all do |object_class, object| object_class != "Scrap"endcan :index, Scrapcan :show, Scrap do |scrap| scrap.published || scrap.user == userendbut i think here is too many code for one small action ;/ I believe there is more simple way for doing this.

elf.xf 2010-07-06 22:51:29

did you tried replacing :read with :show?

robertokl 2010-07-07 14:36:47

sure, it becomes the same i wrote in my comment (here is no line breaks for comments...), but i think it's too many text for one small action ;(

elf.xf 2010-07-07 19:05:59

I don't think that's too many code.. You're telling cancan exactly what you want: Users can only see a scrap if the scrap is published or if the scrap owner is the current logged in user =)

robertokl 2010-07-08 01:04:00

ansaurus

tags:

views:

answers:

Some problems with CanCan

related questions