Home/ Questions/Q 8124043
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T06:21:04+00:00

Either I am missing something or not understanding other posts/instructions. I am trying to

  • 0

Either I am missing something or not understanding other posts/instructions. I am trying to do database based abilities with standard Models as well as model-less controllers. In the DB I have:

| action_name | object_type             |
|:index       |Tag                      |
|:index       |AssetDashboardController |

Tag will work just fine… AssetDashboardController gets passed as a Class rather than a symbol and therefore fails can.

Rails console attempts with string & constantize:

1.9.3p194 :017 > "AssetDashboardController".constantize
 => AssetDashboardController 
1.9.3p194 :018 > "Tag".constantize
 => Tag(id: integer, tag_unique: string, room_monitor_id: integer, star_id: integer, map_id: integer, tracked_type_id: integer, tracked_object_id: integer, x: integer, y: integer, created_at: datetime, updated_at: datetime) 
1.9.3p194 :019 >

“AssetDashboard” in place of “AssetDashboardController” in the DB gets NameError: uninitialized constant AssetDashboard and “asset_dashboard” in place of “AssetDashboardController” gets NameError: wrong constant name asset_dashboard

Ability.rb:

  def initialize(user)
    user ||= User.new #in case user is not passed there is a blank user to validate against

    if user.is_implementer?
      can :manage, :all
    elsif user.user_permissions.exists?
      user.user_permissions.each do |user_permission|
        can user_permission.permission.action_name.to_sym, user_permission.permission.object_type.constantize
      end
    elsif !user.role.nil?
      user.role.default_role_permission.each do |role_permission|
        can role_permission.permission.action_name.to_sym, role_permission.permission.object_type.constantize
      end
    else
      can :read, [Asset, Patient, StaffMember, AssetDashboardController, PatientDashboardController, DashboardController]
    end
  end
end

AssetDashboardController.rb

class AssetDashboardController < ApplicationController
  authorize_resource :class => false

  def index

  end

end

If I put this in Ability.rb:
can [:show, :index], :asset_dashboard
it works fine.

Please let me know if there is more I can add.

Rails 3.0.13, Cancan 1.67, Ruby 1.9.3p194 on RVM

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I wound up doing a couple of things. I set a database field and then in the ability.rb I did this:

    can user_permission.permission.action_name.to_sym,user_permission.permission.no_model_permission? ? user_permission.permission.object_type.to_sym : user_permission.permission.object_type.constantize

    If the no_model_permission is false I use the constantize method on the object_type in the DB. If not I use to_sym.

    With the non model object_types I have to use “asset_dashboard” for the object_type rather than “AssetDashboardController”

    A bit hacky but I could not figure a more elegant solution

    • 0