This is not a question for the rails-core mailing list. On Tue, Mar 1, 2011 at 7:56 PM, [email protected] <[email protected]>wrote:
> I successfully made login system with Devise and CanCan, and I have 3 > types of users. Admin, internal and global users. I created > Controllers and index actions: Admin, Cpanel, Report and State, and I > want to restrict access to this controllers for some users. > > Admin user should have privilegies to access: Reports(all), State > (read), Admin (all) > > Global user should have privilegies to access: Reports(only read), > State(read), Cpanel(all) > > Internal user should have privilegies to access: Reports(all), State > (read) > > And I tried to do this with following code in ability.rs: > > class Ability > include CanCan::Ability > > def initialize(user) > user ||= User.new # guest user (not logged in) > > if user.role? :admin > can :manage, [Report, Admin] > can :read, State > elsif user.role? :global_user > can :read, [Report, State] > can :manage, Cpanel > elsif user.role? :internal_user > can :manage, Report > can :read, State > end > end > end > At this time I have only index actions in this controllers, and when I > login to app with internal user I CAN access to /admin for example, > and that is not behavior that I want. I want to restrict access to all > controllers instead of controllers listed in ability.rb class. > > Source code is here: http://cl.ly/2E292R2m2B0X141q3C0S > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Core" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/rubyonrails-core?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
