Skip to content
This repository has been archived by the owner on Dec 12, 2021. It is now read-only.

show and edit are unauthorized on authorized (:manage) object #1031

Open
domachine opened this issue Jul 29, 2015 · 1 comment
Open

show and edit are unauthorized on authorized (:manage) object #1031

domachine opened this issue Jul 29, 2015 · 1 comment

Comments

@domachine
Copy link

I've got a strange case where an object is reported as not accessible, but should be (according to accessible_by). I tested this using the following lines which should be self-descriptive (byebug in a controller):

Customer.accessible_by(current_ability, :show).count  # => 1
current_ability.can? :show, Customer.accessible_by(current_ability).first  # => false

In the show and the edit actions, this ends up in an unauthorized exception. I describe the permissions in the ability using the following code:

    if user
      return unless user.tags
      tags = user.tags.split(',')
      return if tags[0].empty?
      can :manage, Customer, tags: {name: tags}
    end

The customer model is simple:

class Customer < ActiveRecord::Base
  acts_as_taggable
end

I think this should be a working sample according to docs. Any suggestions?
@karlingen
Copy link

https://github.com/CanCanCommunity/cancancan

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@domachine @karlingen