I successfully made a login system with Devise and CanCan, and I have 3
types of users: admin, internal and global users. I created
controllers and index actions: Admin, Cpanel, Report and State, and I
want to restrict access to these controllers for some users.

Admin user should have privileges to access: Reports (all), State
(read), Admin (all)

Global user should have privileges to access: Reports (only read),
State (read), Cpanel (all)

Internal user should have privileges to access: Reports (all), State
(read)

And I tried to do this with the following code in ability.rb:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)

    if user.role? :admin
      can :manage, [Report, Admin]
      can :read, State
    elsif user.role? :global_user
      can :read, [Report, State]
      can :manage, Cpanel
    elsif user.role? :internal_user
      can :manage, Report
      can :read, State
    end
  end
end

At this time I have only index actions in these controllers, and when I
log in to the app with an internal user I CAN access /admin, for example,
and that is not the behavior that I want. I want to restrict access to all
controllers instead of controllers listed in ability.rb class.

Source code is here: http://cl.ly/2E292R2m2B0X141q3C0S
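
As an added illustration (not part of the original post and not CanCan's own code), the Ruby sketch below models the role matrix from the post and shows that declared rules have no effect until a controller actually checks them, which in CanCan is done with calls such as `authorize!` or `load_and_authorize_resource`. `SketchAbility`, `request_index` and `access_matrix` are hypothetical names, and subjects are symbols on the assumption that the Admin and Cpanel controllers have no model behind them.

```ruby
# Simplified stand-in for CanCan's rule matching (NOT the gem's code): rules are
# [action, subject] pairs, and a request with no matching rule is denied.
class AccessDenied < StandardError; end

class SketchAbility
  # Role matrix copied from the post; subjects are symbols (assumption: the
  # Admin and Cpanel controllers are not backed by a model class).
  RULES = {
    admin:         [[:manage, :report], [:manage, :admin], [:read, :state]],
    global_user:   [[:read, :report], [:read, :state], [:manage, :cpanel]],
    internal_user: [[:manage, :report], [:read, :state]]
  }.freeze
  READ_ACTIONS = %i[index show read].freeze

  def initialize(role)
    @rules = RULES.fetch(role, []) # guest or unknown role: no rules, no access
  end

  def can?(action, subject)
    @rules.any? do |rule_action, rule_subject|
      next false unless rule_subject == subject
      rule_action == :manage ||
        rule_action == action ||
        (rule_action == :read && READ_ACTIONS.include?(action))
    end
  end

  def authorize!(action, subject)
    raise AccessDenied, "#{action} on #{subject} denied" unless can?(action, subject)
  end
end

# Hypothetical dispatcher: `enforce` models whether the controller runs an
# authorization check before the action (a before-filter in a real app).
def request_index(role, controller, enforce:)
  ability = SketchAbility.new(role)
  ability.authorize!(:index, controller) if enforce
  200
rescue AccessDenied
  403
end

# HTTP status for every role/controller pair when the check is enforced.
def access_matrix
  controllers = %i[report state admin cpanel]
  (SketchAbility::RULES.keys + [:guest]).map do |role|
    [role, controllers.map { |c| [c, request_index(role, c, enforce: true)] }.to_h]
  end.to_h
end
```

With `enforce: false` every role reaches every index action, which matches the behavior described in the post; CanCan's `check_authorization` in `ApplicationController` raises when an action finishes without any authorization check having run.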
