Devise and cancan gems: has_many association

Posted by tiktak on Stack Overflow See other posts from Stack Overflow or by tiktak
Published on 2012-07-08T15:04:27Z Indexed on 2012/07/08 15:15 UTC
Read the original article Hit count: 255

Filed under:

ruby-on-rails

|

devise

|

authorization

|

cancan

|

has-many

I use devise and cancan gems and have simple model association: user has_many subscriptions, subscription belongs_to :user. Have following SubscriptionsController:

class SubscriptionsController < ApplicationController

  load_and_authorize_resource :user
  load_and_authorize_resource :subscription, through: :user

  before_filter :authenticate_user!

  def index
    @subscriptions = @user.subscriptions.paginate(:page => params[:page]).order(:created_at)
  end

  #other actions
end

And Cancan Ability.rb:

class Ability
  include CanCan::Ability

  def initialize(user)

    user ||=User.new

    can [:index, :show], [Edition, Kind]

    if user.admin?
      can :manage, :all
    elsif user.id
      can [:read, :create, :destroy, :pay], Subscription, user_id: user.id
      can [:delete_from_cart, :add_to_cart, :cart], User, id: user.id
    end

  end

end

The problem is that i cannot use subscriptions actions as a user but can as a admin. And have no problems with UsersController. When i delete following lines from SubscriptionsController:

  load_and_authorize_resource :user
  load_and_authorize_resource :subscription, through: :user

  before_filter :authenticate_user!

Have no problems at all. So the issue in these lines or in Ability.rb. Any suggestions?

© Stack Overflow or respective owner

Related posts about ruby-on-rails

Ruby on Rails - How can I start? [closed]

as seen on Programmers - Search for 'Programmers'
I have misconception in understanding the relationship between Ruby language and Ruby on Rails Framework. Because of 'I am an absolute beginner' in web development I have no idea if I have to grasp the fundamentals of Ruby before I go with Ruby on Rails! I also want to ask who is behind both Ruby… >>> More
DES3 decryption in Ruby on Rails

as seen on Stack Overflow - Search for 'Stack Overflow'
My RoR server receives a string, that was encrypted in C++ application using des3 with base64 encoding The cipher object is created so: cipher = OpenSSL::Cipher::Cipher::new("des3") cipher.key = key_str cipher.iv = iv_str key_str and iv_str: are string representations of key and initialization… >>> More
Ruby on rails: Image downloads with Authentication/Authorization/Time outs

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Guys, I'm having few doubts on implementing file downloads. I'm creating an app where I use attachment_fu with Amazon s3 to upload files. Things are working pretty well so far on uploading side. Now its the time to start the file downloads. Here is what I need, a logged in user search and browse… >>> More
Ruby on Rails deployment, on "thin" server with lot of attachments

as seen on Stack Overflow - Search for 'Stack Overflow'
A lot of PDFs are stored inside MySQL as a BLOB field for each PDF file. The average file size is 500K each. The Rails app will stream the :binary data as file downloads, where there is a user click on the download link. Assume there is a maximum of 5 users downloading 5 PDFs concurrently, what… >>> More
Apply Behavior Driven Development to Ruby on Rails with Rspec

as seen on Internet.com - Search for 'Internet.com'
Applying the Behavior Driven Development (BDD) methodology to your Rails development takes you beyond traditional Test Driven Development. Learn how to do it with the Ruby-based BDD framework RSpec. >>> More

Related posts about devise

Devise routes to only use custom sign in page

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to learn Devise and seem to have hit a problem that is nearly the same as many, many questions here on SO but just slightly different enough that I am not getting much traction following those questions' threads. I have a very simple application. Users can sign in and sign out (and also… >>> More
searching for a guide how to setup mongo_mapper, devise, haml with rails3

as seen on Stack Overflow - Search for 'Stack Overflow'
is there a full setup guide for mongo_mapper, haml, rails3 and devise, for the current git (master) branches? a lot of things changed in all of those frameworks/libs lately. i was wondering if somebody has it up and running and can share it on github or give some pointers... >>> More
Using devise with Rails 3 beta

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently trying to use Devise 1.1.pre3 as authentication in my upcoming project, but I can't get it to work properly. I have done everything it says in the documentation, installed warden and the correct Devise version, run the install and used the generator to create the model. But when I try… >>> More
Devise routes /:param not working

as seen on Stack Overflow - Search for 'Stack Overflow'
Using devise 2.1.0 I am trying to send the new registration page a PricingPlan model. So in my routes I have: devise_scope :user do delete "/logout" => "devise/sessions#destroy" get "/login" => "devise/sessions#new" get "/signup/:plan" => "devise/registrations#new" end And… >>> More
Testing devise with shoulda

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I'm having some difficulties in testing devise with shoulda: 2) Error: test: handle :index logged as admin should redirect to Daily page. (Admin::DailyClosesControllerTest): NoMethodError: undefined method `env' for nil:NilClass devise (1.0.6) [v] lib/devise/test_helpers.rb:52:in `setup_controller_for_warden' I… >>> More