Accessing get params in CanCan

Question

Is it possible to access parameters passed in the url in CanCan? I'm trying to authenticate guests based on a token in the url.

Thanks!

Answer 1

I recently achieved something similar using the method described here:

https://github.com/ryanb/cancan/wiki/Accessing-request-data

In my case, it looked something like this:

app/controllers/application_controller.rb:

class ApplicationController < ActionController::Base

  ...

  def current_ability
    @current_ability ||= Ability.new(current_user, params[:token])
  end

end

app/models/ability.rb:

class Ability
  include CanCan::Ability

  def initialize(user, token=nil)
    ...
    can :read, Article, :tokens => { :token => token }
    ...
  end

end

Answer 2

Currently, we are using something similar to authorize! action, resource, session[:access_token] in a before filter - from this page: http://spreecommerce.com/documentation/security.html