I am using Devise and Cancan gems on a Rails 3.1 app. I added

Question

0

Editorial Team

Asked: June 14, 20262026-06-14T21:55:53+00:00 2026-06-14T21:55:53+00:00

I am using Devise and Cancan gems on a Rails 3.1 app. I added

0

I am using Devise and Cancan gems on a Rails 3.1 app.

I added several additional columns to User.

I managed to define the abilities and they work fine, I can see that it works but I haven’t figured out how do I unauthorize actions (such as :update) since I don’t have access to Devise or users controller?

How do that work?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-14T21:55:55+00:00

Or, try using the following in ability.rb

 if user.role? :admin
  can [:create, :read], [Model1, Model2]
 end

 if user.role? :user
  can [:read], Model1, :id => user.id
 end

That will allow admins to create or read but not update. And allow users to read Model1 if it belongs to them. If you create custom actions, like “copy_model”, you could add the same to ability.rb

 ...
 can [:copy_model, :read], Model1, :id => user.id
 ...

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am using Devise and Cancan gems on a Rails 3.1 app. I added

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply