Home/ Questions/Q 9220087
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T03:16:00+00:00

Post: hidden: boolean I want the logged in user could see all the posts,

  • 0
Post: hidden: boolean

I want the logged in user could see all the posts, and the non-logged-in user only have access to posts whose hidden fields are false.
So I write like this in cancan’s Ability Model:

if user_signed_in?
    can :read, Post
else 
    can :read, Post, :hidden => false
end

but accessing the helper user_signed_in is not allowed in Model.
As stated in this question: Rails 3 devise, current_user is not accessible in a Model ?. While we could using some tricks to access the helper, its not proper to do that

So, how could I authorize the not-logged-in user properly? Or just use “Include” to use this helper ??

Or should I put this in authentication part? but how?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    All you need to do is this:

    def initialize(user)
  user ||= User.new # guest user (not logged in)

  can :read, Post, :hidden => false

  if User.exists?(user)
    can :read, Post
  end
end

    With devise, the current_user helper method returns the current user when logged in but returns nil when not logged in. It is available in the controllers and views. By default, CanCan does all authorization checks against the return of the current_user method.

    Now whenever the can? method is called from a view or a controller, the return of current_user will be passed to a new instance of Ability as the local variable user.

    To check if the user was logged in, I choose to useUser.exists?(). It’s a class method for ActiveRecord::Base that will check if that user object is persisted in the database. Any other way will work just as well though. For instance, this would work just as well or better:

    if user.encrypted_password
  can :read, Post
end

    This will check if the default devise password field exists for the user instance. If you haven’t done anything too crazy, this will only return a value if the user is logged in. If the second option works for your situation, it may be superior because you won’t even have to query the database.

    Semi-relevant tip, check out a role handling gem like Rolify. It is great when used in conjunction with CanCan.

    • 0