I have the following in my ability model : class Ability include CanCan::Ability #…

Question

0

Asked: June 4, 20262026-06-04T18:36:26+00:00 2026-06-04T18:36:26+00:00

I have the following in my ability model : class Ability include CanCan::Ability #…

0

I have the following in my ability model :

class Ability
  include CanCan::Ability

  #...

  def superuser_rules 
    can  :access, :items    
    cannot :update, :items
    can :update, :items, :foo_attributes
  end

end

I have a form which mirrors that by only displaying the foo_attributes nested form.

However, when submitting the form, it says the access is denied to update the item.

Is there a way to circumvent this without adding new routes/actions ?

Many thanks !

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T18:36:28+00:00

You can create new actions to handle these “special attributes”.

First you can clean up the special attributes of the params.

class UserController
  before_filter :only => [:create, :update] { params[:user].delete(:accepted_at) }
end

Then you create a special action to change a special attribute:

def accept
  User.find(params[:user_id]).update_attributes :accepted_at => Time.now
end

Now you can set different permissions for create, update, and accept actions.

class Ability
  include CanCan::Ability

  def initialize(user)
    if user && user.admin?
      can :accept, User
    elsif user
      can :update, User
    end
    can :create, User
  end
end

Take a look at this too

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have the following in my ability model : class Ability include CanCan::Ability #…

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply