Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Authorizing Namespaced and Nested controllers using CanCan

I having quite a bit of troubling getting cancan to authorize my new routes setup below:

namespace :api do
namespace :v1 do
  resources :users do
    resources :user_songs
    resources :friendships
    resources :plays
    resources :likes
    resources :songs

I have followed what was posted here https://github.com/ryanb/cancan/wiki/Nested-Resources and tested it with the likes controller by putting this above:

class Api::V1::LikesController < Api::V1::BaseController

load_and_authorize_resource :user
load_and_authorize_resource :like, :through => :user

Using a can :access, :all in ability.rb works but anything else I have tried to limit is has not for example:

can :access, :likes
can :access, Like
can :access, :users
can :access, User
can :access, [:"users/likes", :users_likes]

I am not too sure if the blame is because of the namespace routes or not. Any guidance would be extremely appreciated!

like image 409
nvd Avatar asked Sep 08 '12 20:09

nvd


1 Answers

Found out the answer: It was the namespace after all, it just needed a

can :access, "api/v1/likes"

like image 127
nvd Avatar answered Sep 28 '22 07:09

nvd