In trying to debug use of CanCan, I found that if I use the following I can get past the AccessDenied message:
can :manage, Model
When I changed it to the following I am denied access:
can :read, Model
can :create, Model
can :update, Model
can :destroy, Model
What does manage include that the combination of read, create, update and destroy does not?
Thanks.
By default CanCan maps :read, :create etc. to the relevant controller actions, e.g.:
    def default_alias_actions
      {
        :read => [:index, :show],
        :create => [:new],
        :update => [:edit],
      }
    end
But, of course, you're not restricted to having just those actions in your controller; ultimately a controller action can have any name. By the same token you're not restricted to having just :read, :create, :update, :destroy in CanCan. You can alias any symbol to any controller action. Let us say you have an action on your controller called do_cool_things; you can then alias any symbol to that action to be used by CanCan, e.g.:
alias_action :do_cool_things, :to => :coolify
You would then be able to do this:
can :coolify, Neighborhood
Which means the current user would have access to the :do_cool_things method of the NeighborhoodsController. However, if you had used :manage you wouldn't need to define this separate action since :manage is a catch-all. So if you had done:
can :manage, Neighborhood
The current user would still have had access to the :do_cool_things method of the controller.
So, :manage lets you do anything, but :read, :create, :update and :destroy are only 4 of an infinite number of CanCan actions that you can define and map to any controller action you choose.