TechQA.

cancancan ability returns false but is still accessible?

283 views Asked by At

I have a standard cancancan setup. The Article model has an attribute approved. Then standard setup:

# articles controller

load_and_authorize_resource only: [:index, :show] 

def show 
end

# ability.rb

    # Solution 1
    # can :show, Article, { approved: true }


    # Solution 2
    can [:show], [Article] do |article|
      article.approved? 
    end

When I try either of the solutions, the results return as expected in the console or debugger (i.e. ability.can?(:show, @article) returns true if the article has been approved, and false otherwise).

The strange thing is, the show view is still accessible in the browser, when the false returned above clearly states that it shouldn't be accessible.

I can't work out why?

ruby-on-rails cancan cancancan
Original Q&A
1

There are 1 answers

0
stevec On

After much help debugging in another forum, we never figured out why the above didn't work. But the desired behaviour was implemented by not using load_and_authorize_resource, and instead placing this in the controller action:

authorize! :show, @article

I'd be very curious to understand why this approach works, but the initial approach doesn't.

Related Questions in RUBY-ON-RAILS

Related Questions in CANCAN

Related Questions in CANCANCAN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions