Home/ Questions/Q 7761441
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T14:08:11+00:00

I am trying to use a Forem gem which happens to utilise CanCan authorisation

  • 0

I am trying to use a Forem gem which happens to utilise CanCan authorisation framework as well as my main application. Both the main application and Rails Engine have their own ability.rb files.

The problem happens in the layout, when I am trying to do some authorisation checks:

    <% if can? :update, User %>
        <%= link_to_current_user :content_method => :login %>.
    <% else %>

When I am utilising the layout file on the engine it consults it’s own ability.rb file for authorisation. Naturally, there are no rules from my main application so authorisation fails when it should not. Is there any way for me to force it to go to the “main” CanCan?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think the easiest solution is going to be to monkey-patch forem’s definition to add your own declarations:

    class Forem::Ability
  alias_method :orig_init, :initialize
  def initialize(user)
    orig_init(user)

    # Put your own authorization code here.
  end
end

class Ability < Forem::Ability; end

    When in the context of the engine the can? method must be using the engine’s controller/namespace to authorize actions (Forem::Ability), when in your own application’s context it is using your own controller and no namespace to do the same.

    Therefore, I think this solution here (which will add all authorization actions to both Ability and Forem::Ability should solve your problem.

    UPDATE: I realize now that the engine’s controller’s current_ability method probably reads something like:

    def current_ability
  @current_ability ||= Forem::Ability.new(current_user)
end

    And yours (defaulted from the cancan gem) reads something like:

    def current_ability
  @current_ability ||= Ability.new(current_user)
end

    So my solution above should fix your problem, but this is likely the specific issue that it’s having.

    • 0