cancan
cancan copied to clipboard
ryanb
Check abilities on client side?
I know you can check abilities in "server side" views (erb) using the can? method. What if the views are rendered on the client using a Javascript template engine (say ejs)? In such case the can? is not available. A brute force solution is to "reimplement" the ability.rb file in Javascript, but it is ugly and not DRY. Any ideas for a smarter solution? As a related example, I was able to generate i18n strings and routes map and export them to Javascript assets so that with little modification to the template code all of them are available to the js template engine. I am looking for something similar for cancan.
@hammady My solution using ember.js, was to serialize the can? methods on the object itself. For example if an index array of articles is returned , each article has an array of properties as [can_read, can_create, etc ]. Sure this can be hacked , so each time a user is trying to modify something an ajax call is made to the server that validates the object and authorizes the action. I'm planning on writing an article on this and publishing a gem for rails - ember soon.
Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. Since only Ryan himself has commit permissions, the CanCan project is on a standstill.
CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.
If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.
We hope to see you on the other side!
For those who are looking for the client side or nodejs solution please check https://github.com/stalniy/casl which was ispired by cancan and implements the same logic in JavaScript.
And if you want integrate casl with cancan(can) check this post https://medium.com/dailyjs/casl-and-cancan-permissions-sharing-between-ui-and-api-5f1fa8b4bec
