Defining Custom Ability in CanCan

Submitted by swarut on Mon, 07/02/2012 - 14:45

In CanCan, the custom ability (rather than resource CRUD) can be defined in the following way.

1. If the method belongs to the controller which has corresponding model (defined as resource).

  1. can :manage, EventRsvp, user_id: user.id
In this case, I have EventRsvp controller and model.

2. If the method has no corresponding model. 

  1. can :company_tags, :tag
In this case, I have a tag controller, but no tag model. The first parameter is the method name in tag controller, and the second parameter is an user-defined one. You can set it to a symbol you like, then when you want to check for authorization, just called authorize! :company_tags, :tag