cancan

Best way to handle multitenancy in Rails 3

Hi guys, I'm building a multi-tenant application. All data isolation is done by a TenantID column in each table. What is the best way to automatically handle multi-tenancy for all tenant models? Example: Contacts.new({.....}) should automatically add :tenant => current_user.tenant Contacts.where({....}) should also add :tenant => current_...

Integrate Mongoid and CanCan

Hi guys, Has anybody tried to rewrite CanCan ActiveRecordAdditions for Mongoid? http://github.com/ryanb/cancan/blob/master/lib/cancan/active_record_additions.rb Regards, Alexey Zakharov ...

Cancan not showing authorized view elements

Hi there, I'm trying to get some basic authentication/authorization with devise/cancan with Rails. Rather than using roles like Ryan B's screencast and other examples around I'm trying to do something basic: 1 - A user can log in 2 - A user can only edit/destroy their own articles (no roles, you're either logged in and can create new ...

Can Cancan be used to restrict access to specific values for a single model?

I have a Rails 3 application that has Categories. A category can be administered by somebody with the Category Owner role. But the Category Owner should only be able to access Categories that he owns, not others. I can lock down the admin functions using CanCan, but I need to restrict the specific categories themselves. ...

Specify reason for denying access with CanCan

I really like the Rails authorization gem CanCan. However, I find myself having multiple conditions on certain privileges, and I'd like to be able to give different error messages to the user, depending on why he or she has been denied access. Does CanCan have a mechanism for such behavior? I'm having trouble finding it. Would I have to...

How to show a login modal in Rails if a user tries to access an authorized section

How would you implement a modal window saying "In order you to access this area you have to be logged in.." in combination with a login form below it every time a user tries to access authorized content? I'm using Rails 3, Devise and CanCan. My first thoughts were to put it somewhere in the application_controller.rb: # application_cont...

Rails cancan authorizing nested resources

I have Projects resource which is nested in Users resource. My Cancan Ability class is: class Ability include CanCan::Ability def initialize(user) #everyone can :read, Project if user.blank? # guest user ... else #every signed in user case user.role when User::ROLES[:admin] ...

inherited_resources and cancan conflict

Hi, There is a conflict with inherited_resources and Ryan Bates's cancan gem. I have a simple controller class IssuesController < InheritedResources::Base respond_to :html load_and_authorize_resource def tag @issues = Issue.tagged_with(params[:tag]).recent.paginate(:page => params[:page]) end protected def collec...

Staying DRY while testing a controller, authorized via CanCan

I'm retroactively writing some tests, using RSpec, for a Rails project. I'm using the CanCan gem to provide authorization. I decided to write a spec that will test the ability.rb model. I then went on to test my remaining models. I've moved on to controllers, and I've run into a huge snag: I'm testing my abilities all over again! Basi...

How to make custom authorization rules in RoR3

There are a few very good authorization gems, like cancan and declarative_authorization. But here's a problem: authorization rules are separated in class, but I need to place them in a table or maybe some yaml config file to change them in an admin panel eventually. Perfectly, if I can either change permissions for user groups and for individu...

Shortcomings of modelling roles as boolean columns on User table

I'm working on a Rails app using CanCan for RBAC and I only have 3 roles and maybe I'll add 1 or 2 more somewhere down the track. In the past I've always had roles as their own entity, joined to users via a m2m link-table. With so few, and static, roles, that seems like overkill. So I'm thinking of simply adding boolean columns to my ...