I am using cancan for permissions and I would like it so users cannot

Question

0

Asked: May 31, 20262026-05-31T01:17:29+00:00 2026-05-31T01:17:29+00:00

I am using cancan for permissions and I would like it so users cannot

0

I am using cancan for permissions and I would like it so users cannot see other users when visiting their profile/users page. User should only be able to see themselves.

In my ability.rb file I have

class Ability
include CanCan::Ability

def initialize(user)
   user ||= User.new # guest user (not logged in)

   if user.role? :admin
     can :manage, :all
   elsif user.role? :rookie 
     can [:update, :destroy], [Album, Photo, User]
     can :read, :all
   end

  can :manage, Album, :profile => { :user_id => user.id }
  can :manage, Photo, :profile => { :user_id => user.id }
  can :manage, Video, :profile => { :user_id => user.id }
  can :manage, Comment, :blog => { :profile => { :user_id => user.id } }
  can :manage, User, :id => user.id
 end
end

In my users_controller I have

class UsersController < ApplicationController
before_filter :authenticate_user!
load_and_authorize_resource 

 def index
   @user = current_user
 end

 def show
  @user = User.find(params[:id])
 end
end

The above usually works but since user is the primary model I am not sure how I can resolve this. Rails gives me the error

undefined method `user_id'

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-31T01:17:30+00:00

Editorial Team

2026-05-31T01:17:30+00:00Added an answer on May 31, 2026 at 1:17 am

It should be:

#ability.rb:
can :manage, User, :id => user.id

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am using cancan for permissions and I would like it so users cannot

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply