Login/Register
Authorizing Namespaced and Nested controllers using CanCan
Asked Answered
Solved ruby-on-railsrubyruby-on-rails-3cancan
C

1

5

I having quite a bit of troubling getting cancan to authorize my new routes setup below: 

namespace :api do
namespace :v1 do
  resources :users do
    resources :user_songs
    resources :friendships
    resources :plays
    resources :likes
    resources :songs

I have followed what was posted here https://github.com/ryanb/cancan/wiki/Nested-Resources and tested it with the likes controller by putting this above: 

class Api::V1::LikesController < Api::V1::BaseController

load_and_authorize_resource :user
load_and_authorize_resource :like, :through => :user

Using a can :access, :all in ability.rb works but anything else I have tried to limit is has not for example: 

can :access, :likes
can :access, Like
can :access, :users
can :access, User
can :access, [:"users/likes", :users_likes]

I am not too sure if the blame is because of the namespace routes or not. Any guidance would be extremely appreciated!

Columnar answered 8/9, 2012 at 20:49 Comment(0)
C
5

Found out the answer: It was the namespace after all, it just needed a

can :access, "api/v1/likes"

Columnar answered 9/9, 2012 at 17:29 Comment(3)
Seems like this only works for get requests and not post requests added can :create, "api/v1/likes" to see if it mattered and it didn't make a difference.Columnar
Figured it out needed a can :access, :likes right below it for it to work.Columnar
There was a bug with this, but it's been fixed in 1.6.10Raphael

© 2022 - 2024 — McMap. All rights reserved.