Rails: cancancan gem condition is not working

0
votes

In my project, I have a user class working with Devise authentication. Each user have one role associated with. For exemple, a manager is the role #1.

Role is a class and there is an association beetween role and user based on role_id. So a manager will have a role_id of 1.

I installed cancancan gem to manage permission for each user. Only a manager can create user account. So, I wrote this in the ability class:

def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.role_id == 1
      can :manage, :user
    else
      cannot :manage, :user
    end
end

In my user controller, I have this:

def new
  @user = User.new 
  authorize! :manage, @user
end

The problem is when I login with my manager and try to access to new user page, I receive the message from cancancan saying that I don't have the permission to access the page.

I don't know if it's my condition or when I'm trying to access to user.role_id or...

Thanks for your help.

See cancancan gem : https://github.com/CanCanCommunity/cancancan

Edit:

It's normal if my IDE says that it cannot find current_user? enter image description here

Also, if you check on github, there is an example of how to use cancancan:

enter image description here

As you see, there is an @article after the read permission. So I don't think I need to put current_user instead of @user

Finally:

Problem was the :user that was not correct. When it's a model, you need to write a capital letter first for the name of the model without ":". So instead of :user, it should be User

1
ruby-on-railspermissionscancancan
Problem was the :user that was not correct. When it's a model, you need to write a capital letter first for the name of the model without ":". So instead of :user, it should be UserÉmile Pettersen-Coulombe

1 Answers

0
votes

current_user relies on a Rails session. Since this is your #new action on your Users Controller, you don't have an active session, thus no current_user.