Question

Using rails_admin + cancan2 I have a problem with the ability. According to the official docs https://github.com/sferik/rails_admin/wiki/CanCan I have configured my ability.rb file:

class Ability
  include CanCan::Ability

  def initialize(user)
    can :read, :all

    if user
      if user.has_role? :admin
        can :access, :all
      end
      if user.has_role? :manager
        can :access, :rails_admin   # grant access to rails_admin
        can :dashboard              # grant access to the dashboard
      end
    end
  end
end

The problem is that with cancan version 1.6 it works fine, but with cancan 2 the "manager" is unauthorized to access the dashboard, but he is authorized to access rails admin. So:

can :access, :rails_admin   # works
can :dashboard              # doesn't work

If I go to localhost:3000/admin the error is the classic

CanCan::Unauthorized in RailsAdmin::MainController#dashboard

But if I go to localhost:3000/admin/models it works, so the

can :dashboard     # doesn't work

doesn't work.

Can you help me?

Solution

can :dashboard, :all

should work.

After displaying the dashboard, you need another patch to work with CanCan 2.0:

# patch for CanCan 2.0
module RailsAdmin
  module Extensions
    module CanCan
      class AuthorizationAdapter
        def authorize(action, abstract_model = nil, model_object = nil)
          @controller.current_ability.authorize!(action, model_object || abstract_model && model_name(abstract_model.model)) if action
        end
        def authorized?(action, abstract_model = nil, model_object = nil)
          @controller.current_ability.can?(action, model_object || abstract_model && model_name(abstract_model.model)) if action
        end
        private
        def model_name(model)
          model.to_s.underscore.pluralize.to_sym
        end
      end
    end
  end
end

OTHER TIPS

I've never seen something like

can :dashboard

The normal structure of the can directive is "can :action, :object" (or class)

So, from what I understand from your question, I assume you should change this into

can :manage, :dashboard

if you want to assign "all rights"

Licensed under: CC-BY-SA with attribution