Menu
I'm changing some of my custom CanCan actions in the Ability class to use blocks instead of just a hash but now they've stopped actually restricting access. The odd thing is that the built in actions like :manage and :create, etc. seem to still be working fine with the blocks.
This is one example:
OLD
# this one works
can :share, Project, :user_id => user.id
NEW
# this one doesn't work
can :share, Project do |project|
project.users.exists?(user)
end
Anyone run into this issue before?
856
I can't say much about your undesired behavior, but you probably shouldn't be changing hashes to block, as these hashes give you the ability of fetching records. Read this article carefully in CanCan wiki.
149
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
