cancan icon indicating copy to clipboard operation
cancan copied to clipboard

Published 20 hours ago verified publisher icon ryanb

load_and_authorize_resource not loading the index collection in CanCan 2.0

Open lserman opened this issue 11 years ago • 3 comments

I am trying out CanCan 2.0 for the first time, in order to use ollym's fork for strong parameters.

My controller is namespaced Builder::ContactsController. So in my Ability:

can [:index, :show], :"builder/contacts"

This allows me to bypass the ensure_authorization check and get into my index method. I have included load_and_authorize_resource in the controller, but the @contacts variable is not loaded by CanCan.

Is there something else I need to be doing in CanCan 2.0 to load this resource? I have tried using the class option but that doesn't work either. Also, no calls to load_resource or anything CanCan-related are found in my trace. No SQL for contacts is generated (according to the log) either.

This all works in CanCan 1 using this:

can :read, Contact

I've tried adding the above line to my ability.rb when using CanCan 2, and it still doesn't work.

lserman avatar May 27 '13 20:05 lserman

I can't reproduce this.

Please include the cancan line from your Gemfile.

Does CanCan::ControllerResource#load_collection run? You can open the cancan source (find it with bundle show) and use pry or a puts to find out.

Can you write a failing spec? Or, can you reproduce this starting from rails new and publish the failing app?

jaredbeck avatar Jun 02 '13 05:06 jaredbeck

I had the same error the problem was that I had defined both a block and a normal ability and expected it to ignore the block. As far as I can think this should not compromise security as long as no cannot blocks are used.

ssendev avatar Jun 17 '13 18:06 ssendev

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. Since only Ryan himself has commit permissions, the CanCan project is on a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!

xhoy avatar Jul 01 '14 07:07 xhoy