Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Rails Can Can Ability Class For Multiple Devise Models

Tags:

ruby-on-rails

ruby-on-rails-3

devise

activeadmin

cancan

I was wondering how I can define an ability class and serve that ability class depending on the user that has logged in.

I am using Active Admin, Can Can and Devise and I have successfully created a User and an AdminUser models.

I have this in my ability.rb 

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new

    if (user)
      can :manage, Item
    end
  end
end

Now I have used this wiki entry to determine that we can indeed define a custom ability file and use that instead of the ability.rb:

https://github.com/ryanb/cancan/wiki/changing-defaults

But what I wanted to do is, be able to use ability.rb if a "non-admin user" is signed in and a custom abilty if a user admin is signed in.

Side Question: Could it be done such that I don't need a custom one and I could set permissions in one ability.rb file?

like image 571
yretuta Avatar asked Oct 26 '11 02:10

yretuta

1 Answers

I've never really used ActiveAdmin, so I'm not entirely sure if I'm missing something, but it doesn't seem like that framework relies on CanCan. That's why I'm assuming you're defining a current_ability method like explained in the wiki and it's instantiated with Ability.new(current_user).

If that's the case, and your current_user can be either a User or an AdminUser, then there's no problem in checking for that in the Ability class:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new

    if user.kind_of? AdminUser
      can :manage, Item
    elsif user.kind_of? User
      can :read, Item
    end
  end
end

You can simply take a look at the user's type and change the rules accordingly. You can also use is_a? instead of kind_of? for stricter checking, but it's probably not required and might cause issues if you decide to do inheritance later on.

Another way you could check is by defining an admin? method in both models. This might be a better way to do it, since explicit type checking is not very popular in ruby -- it often limits your choices. It might look like this:

class User < ActiveRecord::Base
  def admin?
    false
  end
end

class AdminUser < ActiveRecord::Base
  def admin?
    true
  end
end

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new

    if user.admin?
      can :manage, Item
    else
      can :read, Item
    end
  end
end
like image 161
Andrew Radev Avatar answered Nov 15 '22 17:11

Andrew Radev
Sign in to Comment

Related questions

rails/minitest don't load fixtures for select tests
How to find current abstract route in Rails middware
Best Practices for using partials in Rails
RESTful-Authentication or Authlogic?
ActiveRecord Virtual Attributes treaded as a record attributes
Rails, jQuery, .js.erb files, JS not executed by the browser
Throttling requests to a Ruby on Rails API
Excluding files from being deployed with Capistrano while still under version control with Git
Have Rails 2.3.x ignore the i18n gem
Rails 3 > Rendering views in rake task
In Ruby on Rails, what does "resource" mean?
Renaming model association attributes in Rails JSON serialization?
Overriding Devise's registration controller to allow for a redirect after a successful sign_up has been done
How can I do inline formatting (bold and underline) for PDF generated by Prawnto in Rails?
Rails session is blank when using HTTP put
Ruby on Rails: what performance can I realistically aim for?
Accessing compiled routes in Grape / Rack::Mount::Route
How to get Koala to play nicely with Omniauth?
Tracking field changes with rails observers
Devise Logging User out on AJAX request. Rails 3.1

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!