Cancan roles issue

Rafa_F · July 2, 2013, 12:24am

Rails 3.2.11
Ruby 2

Hi,

I am building my first rails app and decided to use Devise(2.2.4) and
Cancan(1.6.10) for auth and role management. The auth part works nicely
but
I haven’t been able to get cancan working correctly. I have one role
setup(admin). But when I try view the users index page it redirects me
to
the homepage even though I’m an admin. ANy advice on where I may be
going
wrong is most welcomed.

Here is my code:

app/models/ability.rb

class Ability

include CanCan::Ability

def initialize(user)
user ||= User.new # guest user (not logged in)
if user.role? :admin
can :manage, :all
else
can :read, :all
end
end
end

app/controllers/users_controller.rb

class UsersController < ApplicationController

load_and_authorize_resource
before_filter :authenticate_user!

def index
@users = User.all
authorize! :manage, @users

respond_to do |format|
  format.html
  format.json  { render :json => @users }
end

end
end

app/controllers/application_controller.rb

class ApplicationController < ActionController::Base

protect_from_forgery

def after_sign_in_path_for(resource)
root_url
end

rescue_from CanCan::AccessDenied do |exception|
redirect_to root_url, :alert => exception.message
end

def current_ability
@current_ability ||= Ability.new(current_user)
end

#load the permissions for the current user so that UI can be
manipulated
def load_permissions
@current_permissions = current_user.role.permissions.collect{|i|
[i.subject_class, i.action]}
end

end

phil · July 2, 2013, 2:12am

On Jul 1, 2013, at 6:22 PM, Phil wrote:

app/models/ability.rb
end
rescue_from CanCan::AccessDenied do |exception|
redirect_to root_url, :alert => exception.message
end

def current_ability
@current_ability ||= Ability.new(current_user)
end

This may be the problem. I have never once defined the current_ability
method, just relied on CanCan to provide it. See what happens if you
comment this out and restart your server.

Walter

phil · July 2, 2013, 10:28pm

Thanks for the replies, I got to the bottom of the issue. I was
following
this in a tutorial and had the following on my users model, which was
converting the role name to camelcaze, so when I removed the “.camelize”
it
let me in to the restricted pages as expected. Thanks again for the
help!

def role?(role)
return !!self.roles.find_by_name(role.to_s.camelize)
end