Home/ Questions/Q 6995353
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T20:00:42+00:00

I am using cancan for authorization. I have a shared view which need authorize

  • 0

I am using cancan for authorization. I have a shared view which need authorize depending on which controller it is.

The problem is:
I have shared partial (description.rhtml) and it is used by two different models (Product and Orders). So when some one go to

http://www.example.com/product/1 – description section shows description about product
http://www.example.com/order/1 – description section shows description about order

This description section has edit button on it so the user can edit it but the condition is

  • the user must be owner of the product when on product/1 page or
  • owner of order when user is on order/1 page.

My ability class check for

  • if user is owner or not – depending on product or order controller
    However on view:

    if (can? :update, @orders) || (can? :update, @product)
< hide edit button >
end

    but if can? :update, @orders return true or false, it show or hides edit button depending on that condition only

So my question is how can make use CanCan to tackle this problem

Hope I was clear.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think you should not use the exact same partial for products and orders.

    You might want to use a layout:

    views/layouts/description.html.erb

    <div class="description">
    <%= model.description %>
    <!-- other common code... -->
    <div class="actions">
        <%= yield %>
    </div>
</div>

    views/orders/description.html.erb

    <%= render :layout => "layouts/description", :locals => { :model => @order } do %>
    <%= if (can? :update, @order) %>
       your link
    <% end %>
<%= end %>

    You don’t have to do that, but I think it’s cleaner than having to deal with several models in the same partial.

    side note:

    but if can? :update, @orders return true or false, it show or hides edit button depending on that condition only

    I don’t really understand that. If @orders were null, then can? would return false, and the result of the whole expression would be the result of (can? :update, @product) which, I thought, was what you wanted.

    • 0