[Rails] authorization with cancan

Mohammed Rashid Tue, 06 Jan 2015 05:28:08 -0800

After looking at the ability.rb. I have  allowed the admins to manage
everything (that part works) but how do I allow the user to just, view
and edit their own Logg using cancan? At the moment the users cannot
view anything at all, not even their own created logg. But admins can do
everything.


    class Logg < ActiveRecord::Base
    has_and_belongs_to_many :user
    end

      class User < ActiveRecord::Base
        devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
          ROLES = %w[admin moderator author banned]
       has_and_belongs_to_many :logg
   end




I have no User controller. I have  the loggs controller:


    class LoggsController < ApplicationController

     before_action :set_logg, only: [:show, :edit, :update, :destroy]
     load_and_authorize_resource

      respond_to :html

     def index
     @loggs = Logg.all
    respond_with(@loggs)
     end

    def show
    respond_with(@logg)
    end

     def new
    @logg = Logg.new
    respond_with(@logg)
     end

    def edit

    end

     def create
    @logg = Logg.new(logg_params)
    @logg.save
    respond_with(@logg)
     end

     def update
    @logg.update(logg_params)
    respond_with(@logg)
    end

    def destroy
     @logg.destroy
    respond_with(@logg)
    end

     private
     def set_logg
       @logg = Logg.find(params[:id])
     end

     def logg_params
      params.require(:logg).permit(:name, :date, :time,
:whats_gone_well_this_week, :whats_not_gone_well_this_week,
:learnt_anything_new, :what_would_you_like_to_improve, :anything_else)
    end
 end



    class Ability
    include CanCan::Ability
    def initialize(user)

       if user.nil?
      cannot :read, Logg
      elsif user.admin?
      can :manage, Logg
     else
      can :create, Logg, :user_id => user.id
      can :update, Logg, :user_id => user.id
      end
      end
    end

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to rubyonrails-talk+unsubscr...@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/rubyonrails-talk/a70a3b2c7467d74e44571aed6efb03b0%40ruby-forum.com.
For more options, visit https://groups.google.com/d/optout.

[Rails] authorization with cancan

Reply via email to