Rails3 - CanCan - 未初始化的常量Ability :: Page

Question

I have just added cancan 1.5.0 to my rails 3 app here is my ability file -

def initialize(user)
 user ||= User.new

if user.role == 'Admin'
  can :manage, :all
end
if user.role == 'Standard'
  can :manage, Library
  can :manage, Page
else
  can :manage, Page
  can :manage, Library
end

I have a custom class (non-restful functions)

class PagesController < ApplicationController
 authorize_resource :class => false

 def home
 end
end

As you can see I am using the correct function for a not restful class but I am still getting this error -

uninitialized constant Ability::Page

Here is the beginning of the stacktrace -

app/models/ability.rb:16:in `initialize'
cancan (1.5.0) lib/cancan/controller_additions.rb:327:in `new'
cancan (1.5.0) lib/cancan/controller_additions.rb:327:in `current_ability'
cancan (1.5.0) lib/cancan/controller_additions.rb:308:in `authorize!'
cancan (1.5.0) lib/cancan/controller_resource.rb:40:in `authorize_resource'
cancan (1.5.0) lib/cancan/controller_resource.rb:9:in `block in add_before_filter'
activesupport (3.0.3) lib/active_support/callbacks.rb:436:in `   _run__1386450187816505438__process_action__15559788756486462__callbacks'
activesupport (3.0.3) lib/active_support/callbacks.rb:409:in `_run_process_action_callbacks'
activesupport (3.0.3) lib/active_support/callbacks.rb:93:in `run_callbacks'

Thanks, Alex

Answer 1

The CanCan documentation describes the can method as:

The can method is used to define permissions and requires two arguments. The first one is the action you're setting the permission for, the second one is the class of object you're setting it on.

So, the problem is that you don't have a Page class in your system for CanCan to manage access to.

Note that CanCan is built as: (emphasis added by me)

an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access.

So if you are aiming to control abstract concepts which don't have rails resources attached to them then you'll probably have a tough time with CanCan

Answer 2

Just a note to anyone finding this now on...

You can authorise any non-restful controller, abstract classes and methods..

Example:

/app/models/role_ability.rb

class RoleAbility
   def initialize(user)
     user ||= User.new

     if user.role == 'Admin'
      can :manage, Post      # some existing resource_authorisation
      can :do_this, :on_this # authorizing a non resource    
     end
   end
end

:do_this and :on_this are completly arbitrary but they must match the authorize! params in the controller like so...

class Controller < ApplicationController
   def some_abstract_method
      ### Awesome method code goes here

      authorize! :do_this, :on_this
   end
end

Just remember that chances are you probably already have some resource authorization happening from within the ApplicationController maybe like this

class ApplicationController 
   authorize_resource || authorize! :admin, Object || load_and_authorize_resource etc
end

so remember to skip_authorize_resource in your non-restful/abstract controller

class AbstractController < ApplicationController

   skip_authorize_resource

   def some_abstract_method
      authorize! :do_this, :on_this
   end
end

Now an admin can :do_this, :on_this and will authorize nicely. You would probably want to name the ability a bit more semantically, just wanted to emphasize the arbitrary-ness.

This is all using Cancan 1.5, haven't tried on anything earlier.

From https://github.com/ryanb/cancan/wiki/Non-RESTful-Controllers