cancan: the difference between "manage" and the combination of "read, create, update and destroy"?

2

16

In trying to debug use of cancan I found that if I use the following I can get past the accessdenied message:

  can :manage, Model

When I changed it to the following I am denied access:

  can :read, Model
  can :create, Model
  can :update, Model
  can :destroy, Model

What does manage include that the combination of read, create, update and destroy does not?

Thanks.

Deadlight answered 14/8, 2011 at 14:12 Comment(0)
14

You can define custom actions (When you define a user's abilities for a given model, you are not restricted to the 7 RESTful actions (create, update, destroy, etc.), you can create your own.) If you have manage all, you would be able to access those custom actions too.

Corridor answered 14/8, 2011 at 14:42 Comment(1)
Thanks for the help. I didn't know it worked on the actions. I thought it related strictly to the means of accessing data via the models. There are so many custom actions in the application the abilities model is probably going to triple in size and complexity. Darn! – Deadlight
23

By default CanCan maps :read, :create etc. to the relevant controller actions e.g.:

  def default_alias_actions
    {
      :read => [:index, :show],
      :create => [:new],
      :update => [:edit],
    }
  end

But, of course you're not restricted to having just those actions in your controller, ultimately a controller action can have any name. By the same token you're not restricted to having just :read, :create, :update, :destroy in CanCan. You can alias any symbol to any controller action. Let us say you have an action on your controller called do_cool_things, you can then alias any symbol to that action to be used by CanCan e.g.:

  alias_action :do_cool_things, :to => :coolify

You would then be able to do this:

  can :coolify, Neighborhood

Which means the current user would have access to the :do_cool_things method of the NeighborhoodsController. However if you had used :manage you wouldn't need to define this separate action since :manage is a catch-all. So if you had done:

  can :manage, Neighborhood

The current user would still have had access to the :do_cool_things method of the controller.

So, :manage lets you do anything, but :read, :create, :update and :destroy are only 4 of an infinite number of CanCan actions that you can define and map to any controller action you choose.

Intemperance answered 14/8, 2011 at 14:53 Comment(1)
+1 for all the cool information provided. Thanks. Trying to figure out how to best design my ability model. If I post a related question I'll notify you. – Deadlight
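
Added example (not part of the original thread, and not CanCan's own code): a simplified Ruby model of the action matching described in the answers, used to list which controller actions each rule set leaves denied. `MiniAbility`, `CONTROLLER_ACTIONS` and the helper methods are hypothetical names; the default aliases and the `Neighborhood` / `do_cool_things` names come from the answer above, and subject matching is reduced to class equality.

```ruby
# Simplified model of the matching behaviour described above (assumption:
# not the gem's source; real CanCan also handles :all, blocks and conditions).
class MiniAbility
  # Default aliases exactly as quoted in the answer.
  DEFAULT_ALIASES = { read: [:index, :show], create: [:new], update: [:edit] }.freeze

  def initialize
    @aliases = DEFAULT_ALIASES.transform_values(&:dup)
    @rules = [] # [action, subject] pairs granted with `can`
  end

  # Mirrors `alias_action :do_cool_things, :to => :coolify`.
  def alias_action(*actions, to:)
    (@aliases[to] ||= []).concat(actions)
  end

  def can(action, subject)
    @rules << [action, subject]
  end

  def can?(action, subject)
    @rules.any? do |rule_action, rule_subject|
      next false unless rule_subject == subject
      # :manage is the catch-all; anything else must match by name or alias.
      rule_action == :manage || expand(rule_action).include?(action)
    end
  end

  private

  # A rule action covers itself plus every action aliased to it.
  def expand(action)
    [action] + Array(@aliases[action]).flat_map { |a| expand(a) }
  end
end

Neighborhood = Class.new # stand-in model, name taken from the answer
# Constructed action list: the 7 RESTful actions plus one custom action.
CONTROLLER_ACTIONS = %i[index show new create edit update destroy do_cool_things].freeze

def crud_ability
  MiniAbility.new.tap { |ab| %i[read create update destroy].each { |a| ab.can(a, Neighborhood) } }
end

def manage_ability
  MiniAbility.new.tap { |ab| ab.can(:manage, Neighborhood) }
end

# Audit helper: which controller actions does this rule set leave denied?
def denied_actions(ability)
  CONTROLLER_ACTIONS.reject { |a| ability.can?(a, Neighborhood) }
end
```

Under the four explicit rules only the custom action stays denied until it is aliased and granted, while `:manage` also authorizes any action added to the controller later, so an ability file that relies on `:manage` should be reviewed whenever new controller actions appear.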