I was wondering how I can define an ability class and serve that ability class depending on the user that has logged in.
I am using Active Admin, Can Can and Devise and I have successfully created a User and an AdminUser models.
I have this in my ability.rb
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
if (user)
can :manage, Item
end
end
end
Now I have used this wiki entry to determine that we can indeed define a custom ability file and use that instead of the ability.rb:
https://github.com/ryanb/cancan/wiki/changing-defaults
But what I wanted to do is, be able to use ability.rb if a “non-admin user” is signed in and a custom abilty if a user admin is signed in.
Side Question: Could it be done such that I don’t need a custom one and I could set permissions in one ability.rb file?
I’ve never really used ActiveAdmin, so I’m not entirely sure if I’m missing something, but it doesn’t seem like that framework relies on CanCan. That’s why I’m assuming you’re defining a
current_abilitymethod like explained in the wiki and it’s instantiated withAbility.new(current_user).If that’s the case, and your
current_usercan be either aUseror anAdminUser, then there’s no problem in checking for that in theAbilityclass:You can simply take a look at the user’s type and change the rules accordingly. You can also use
is_a?instead ofkind_of?for stricter checking, but it’s probably not required and might cause issues if you decide to do inheritance later on.Another way you could check is by defining an
admin?method in both models. This might be a better way to do it, since explicit type checking is not very popular in ruby — it often limits your choices. It might look like this: