Question

This works for an authorize! call

can [:read,:update], brand

but CanCan::AccessDenied is thrown when the line in the Ability class is changed to:

can :update, brand

brand is not nil.

If I can :update something, shouldn't I automatically be able to :read it?

I just want to know if this is by design, or if I am missing something somewhere.

Solution

This is by design. There are just a few default aliases defined:

def default_alias_actions
  {
    :read => [:index, :show],
    :create => [:new],
    :update => [:edit],
  }
end

So if someone has the 'update' right, then he has the 'edit' right. This is natural for Rails applications which follow the REST style.

However, you can define your own aliases very simply.
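
An added example, not part of the original answer and not CanCan's own code: a simplified Ruby model of the alias expansion described above, showing that a rule for :update covers :edit but not :read, and how a custom alias groups the two. `MiniAbility`, `:modify` and `demo` are hypothetical names; the `alias_action ... to:` call only mirrors the shape of CanCan's `alias_action`.

```ruby
# Simplified model of CanCan-style alias expansion (constructed for
# illustration; this is not the gem's implementation).
class MiniAbility
  # Default aliases exactly as quoted in the answer above.
  DEFAULT_ALIASES = { read: [:index, :show], create: [:new], update: [:edit] }.freeze

  def initialize
    @aliases = DEFAULT_ALIASES.transform_values(&:dup)
    @rules = [] # each rule: [granted_actions, subject]
  end

  # Register +actions+ as members of the alias +to+.
  def alias_action(*actions, to:)
    raise ArgumentError, "alias #{to} cannot contain itself" if actions.include?(to)
    (@aliases[to] ||= []).concat(actions)
  end

  def can(actions, subject)
    @rules << [Array(actions), subject]
  end

  # Deny by default: only an action reachable through a granted rule passes.
  def can?(action, subject)
    @rules.any? { |acts, subj| subj == subject && expand(acts).include?(action) }
  end

  private

  # An alias expands downwards only: :update => [:update, :edit], never :read.
  def expand(actions)
    actions.flat_map { |a| [a, *expand(@aliases.fetch(a, []))] }
  end
end

def demo
  brand = :brand # constructed stand-in for the question's brand object
  plain = MiniAbility.new
  plain.can :update, brand

  grouped = MiniAbility.new
  grouped.alias_action :read, :update, to: :modify # hypothetical custom alias
  grouped.can :modify, brand

  { plain_edit: plain.can?(:edit, brand), plain_read: plain.can?(:read, brand),
    grouped_show: grouped.can?(:show, brand), grouped_edit: grouped.can?(:edit, brand),
    grouped_destroy: grouped.can?(:destroy, brand) }
end
```

An alias applies to every subject the ability covers, so a grouped alias should contain only the actions that are always granted together.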

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow