I have a Rails 3 application that has Categories. A category can be administered by somebody with the Category Owner role. But the Category Owner should only be able to access Categories that he owns, not others. I can lock down the admin functions using CanCan, but I need to restrict the specific categories themselves.
You can do it in one of two ways.
You can either specify a hash of attributes to restrict access in your `Ability` class. Or you can use a block:
These both check whether the `user_id` attribute on the category you are checking against matches the user you are checking for. These are described under Defining Abilities with Hashes and Defining Abilities with Blocks respectively in the CanCan documentation.
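
The two rule styles the answer describes, as an added example that is not part of the original answer: CanCan's `can` with a hash of conditions and with a block, each checked against an owned and a non-owned category. `MiniAbility` is a small hypothetical stand-in for `CanCan::Ability` so the block runs without the gem; the `role` attribute and the `User`/`Category` structs are assumptions.

```ruby
# MiniAbility: hypothetical stand-in for CanCan::Ability (mimics can / can?).
module MiniAbility
  def can(action, klass, conditions = nil, &block)
    (@rules ||= []) << [action, klass, conditions, block]
  end

  def can?(action, subject)
    (@rules || []).any? do |rule_action, klass, conditions, block|
      next false unless [action, :manage].include?(rule_action) && subject.is_a?(klass)
      if block
        block.call(subject)                # block form: arbitrary Ruby check
      elsif conditions
        conditions.all? { |attr, value| subject.public_send(attr) == value }
      else
        true                               # unconditional rule
      end
    end
  end
end

# Constructed models for the example (assumed attribute names).
User     = Struct.new(:id, :role)
Category = Struct.new(:id, :user_id)

# Hash form: the category's user_id must equal the current user's id.
class HashAbility
  include MiniAbility
  def initialize(user)
    can :manage, Category, :user_id => user.id if user.role == :category_owner
  end
end

# Block form: the same ownership check, written as a block.
class BlockAbility
  include MiniAbility
  def initialize(user)
    return unless user.role == :category_owner
    can(:manage, Category) { |category| category.user_id == user.id }
  end
end

# Returns whether a category owner (id 1) may update their own category
# and a category owned by user 2.
def check(ability_class)
  ability = ability_class.new(User.new(1, :category_owner))
  { own:   ability.can?(:update, Category.new(10, 1)),
    other: ability.can?(:update, Category.new(11, 2)) }
end
```

In a Rails app the ability class would `include CanCan::Ability` instead, and the controller would call `authorize! :update, @category` so a request for another owner's category is rejected.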