I have implemented Devise for Authentication and Authorization in ROR application everything seems fine but getting one issue.
I have two modals “Account” and “Transactiona” , and so two controllers respectively.
My Transaction Index view call one of Account Controller method like this
$.post("accounts/our_miles_balance/?account_number="+$("#account_number").val(),function(data)
{
$("#our_miles_balance").val(data);
});
When this ajax post run it gives following error and sign out admin user
You need to sign in or sign up before continuing
Here is my Ability Class
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user
if user.role == 1 #admin
can :manage, :all
can :read, :all
elsif user.role == 2 #Vendor
can :manage, VendorTransaction
can :index, Account
end
end
end
What i m doing wrong her, please help….
Edit
Ok Here is my Transaction controller
require 'csv'
class TransactionsController < ApplicationController
load_and_authorize_resource
helper_method :sort_column, :sort_direction
respond_to :html, :js
def index
per_page = 40
@transactions = Transaction.search(params[:id]).order(sort_column + " " + sort_direction)
respond_to do |format|
format.html # index.html.erb
format.csv { render :csv => @transactions}
end
AND Account Controller
class AccountsController < ApplicationController
load_and_authorize_resource
helper_method :sort_column, :sort_direction
def index
@accounts = Account.search(params[:program_id]
respond_to do |format|
format.html # index.html.erb
format.json { render :json => @accounts}
end
def our_miles_balance
a = Account.find_by_account_number(params[:account_number])
@miles = Account.our_miles_balance(a.id) if ?a!=nil
respond_to do |format|
format.json { render json: @miles}
end
end
end
When using
load_and_authorize_resource, it’s callingauthorize!(:our_miles_balance, @account)before theour_miles_balancecontroller action. Documentation.Option 1
Add
to your ability class.
Option 2
In the controller do
and in the
our_miles_balanceaction do