Question

I have a Rails 3 application that has Categories. A category can be administered by somebody with the Category Owner role. But the Category Owner should only be able to access Categories that he owns, not others. I can lock down the admin functions using CanCan, but I need to restrict the specific categories themselves.


Solution

You can do it in one of two ways.

You can either specify a hash of attributes to restrict access in your Ability class.

can :manage, Category, :user_id => user.id

Or you can use a block:

can :manage, Category do |c|
  c && c.user_id == user.id
end

These both check whether the user_id attribute on the category you are checking against matches the user you are checking for.

These are described under Defining Abilities with Hashes and Defining Abilities with Blocks respectively in the CanCan documentation.
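The two rule styles from the answer, exercised outside Rails. This is an added example, not code from the answer or from the CanCan gem: MiniAbility, User, Category and accessible_names are constructed stand-ins that mimic how CanCan matches a rule's attribute hash or block against a record, so you can see that both forms grant a Category Owner access only to the categories whose user_id is theirs.

```ruby
# Added stand-in for CanCan's Ability DSL (not the gem itself).
User     = Struct.new(:id, :role)
Category = Struct.new(:id, :name, :user_id)

class MiniAbility
  Rule = Struct.new(:action, :subject_class, :conditions, :block)

  # +form+ picks which of the answer's two rule styles to register.
  def initialize(user, form = :hash)
    @rules = []
    define_rules(user, form)
  end

  def can(action, subject_class, conditions = nil, &block)
    @rules << Rule.new(action, subject_class, conditions, block)
  end

  # True only if some rule for this class accepts the record;
  # :manage covers every action, as it does in CanCan.
  def can?(action, record)
    @rules.any? do |r|
      next false unless r.action == :manage || r.action == action
      next false unless record.is_a?(r.subject_class)
      next r.block.call(record) if r.block
      r.conditions.nil? || r.conditions.all? { |a, v| record.public_send(a) == v }
    end
  end

  private

  def define_rules(user, form)
    return unless user.role == :category_owner   # other roles get no rules
    if form == :hash
      can :manage, Category, :user_id => user.id # hash of attributes
    else
      can :manage, Category do |c|               # block form
        c && c.user_id == user.id
      end
    end
  end
end

# Constructed sample data: two Category Owners, one category each.
OWNER_A    = User.new(1, :category_owner)
OWNER_B    = User.new(2, :category_owner)
CATEGORIES = [Category.new(10, "books", 1), Category.new(11, "music", 2)]

# Names of the categories +user+ may perform +action+ on under +form+.
def accessible_names(user, action, form = :hash)
  ability = MiniAbility.new(user, form)
  CATEGORIES.select { |c| ability.can?(action, c) }.map(&:name)
end
```

A user with no matching rule, or a category owned by someone else, is denied under either form; in a real app the same rule is what load_and_authorize_resource and accessible_by enforce.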

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow