This repository has been archived by the owner on Dec 12, 2021. It is now read-only.

Ability issue with block definition #913

Open
tbuehlmann opened this issue Aug 6, 2013 · 3 comments

@tbuehlmann

Using CanCan 1.6.10 and Rails 4, I stumbled over a weird issue.

Short example:

# ability.rb
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new(role: 'user')

    can :read, Group do |group|
      user.group_memberships.where(group_id: group.id).exists?
    end

    can :manage, Group do |group|
      user.group_memberships.where(group_id: group.id, role: 'admin').exists?
    end
  end
end

# weirdo spec
it 'wtfs' do
  ability = Ability.new(nil)
  expect(ability).not_to be_able_to(:manage, Group) # this will fail
end

I didn't expect the ability to be able to manage Group. Am I missing something or is this seriously broken?

Repo for you right here.

@tbuehlmann
Author

Update: It's not that bad, easy to fix it seems. See:

elsif @block && !subject_class?(subject)
  @block.call(subject, *extra_args)

# ability.rb
can(:read, Group) { |group| ... } # parentheses so the block binds to can, not to Group

# application
can? :read, Group # => true

To "fix" this, add the following:

elsif @block && !subject_class?(subject)
  @block.call(subject, *extra_args)
elsif @block && subject_class?(subject)
  false

Question: Am I still missing something or is the behaviour I desire not intended?

For now, I'll use a fork: https://github.com/tbuehlmann/cancan/tree/hotfix/block_definition.
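
The behaviour discussed in this thread, as an added example that is not part of the original comments and is not CanCan's source: a simplified model of a block-based rule, checked against the class and against instances. `Rule`, `Membership`, the `strict:` switch, the constructed sample data and the fallback `true` branch are assumptions; only the two `elsif` branches quoted above come from the issue.

```ruby
# Simplified stand-in for a block-based rule, NOT CanCan's code.
# Group/Membership are constructed structs; `strict:` is a hypothetical
# switch that enables the extra branch proposed in the issue.
Group = Struct.new(:id)
Membership = Struct.new(:group_id, :role)

class Rule
  def initialize(strict:, &block)
    @strict = strict
    @block = block
  end

  def subject_class?(subject)
    subject.is_a?(Module)
  end

  def matches_conditions?(subject, *extra_args)
    if @block && !subject_class?(subject)
      @block.call(subject, *extra_args)   # instance check: the block decides
    elsif @strict && @block && subject_class?(subject)
      false                               # proposed branch: class check denied
    else
      true                                # assumed fallback: block never runs
    end
  end
end

def manage_rule(memberships, strict:)
  Rule.new(strict: strict) do |group|
    memberships.any? { |m| m.group_id == group.id && m.role == 'admin' }
  end
end

# Constructed data: a guest with no memberships and an admin of group 1.
GUEST = [].freeze
ADMIN = [Membership.new(1, 'admin')].freeze

def report
  {
    guest_class_stock:   manage_rule(GUEST, strict: false).matches_conditions?(Group),
    guest_class_patched: manage_rule(GUEST, strict: true).matches_conditions?(Group),
    guest_instance:      manage_rule(GUEST, strict: false).matches_conditions?(Group.new(1)),
    admin_instance:      manage_rule(ADMIN, strict: true).matches_conditions?(Group.new(1)),
    admin_other_group:   manage_rule(ADMIN, strict: true).matches_conditions?(Group.new(2)),
  }
end

p report
```

In this model only the instance-level checks evaluate the block, so a decision about a specific group has to be made with the group object rather than the `Group` class.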

@xhoy

xhoy commented Jul 1, 2014

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is at a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!

@tbuehlmann
Author

Yeah, no, I replaced CanCan with Pundit long ago and I'm happy ever after. Thanks for the hint though. I'll leave this issue open since I don't know the actual code and whether or not this is still a thing.
