Home/ Questions/Q 8809793
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T02:57:55+00:00

Using CanCan for authorization and Devise for authentication. I have three roles. Admin role

  • 0

Using CanCan for authorization and Devise for authentication. I have three roles. Admin role has access to all actions. But when I am logged in as an admin, I still get Access Denied. What am I doing wrong?? Also I have been following this wiki for implementation

This is my controller code

class LocationController < ApplicationController
  #before_filter :authenticate, :only => [:title_clearing]
  before_filter :authenticate_user!
  load_and_authorize_resource

  def show
    @data = []
    if params[:Date].match(/^(19|20)\d\d[- \/.](0[1-9]|1[012])[- \/.](0[1-9]|[12][0-9]|3[01])$/).nil? == true
      @message = "Wrong Date Format"
    else
      @data = Location.show(params[:Date])
      if @data.size == 0
        @message = "No data exists for "+ params[:Date]
      else
        @message = "Data loaded successfully for "+ params[:Date]
      end
    end

    if params[:Date] == "all"
      @message = "All records loaded"
      @data = Location.show("all")
    end

  end
end

In the ability.rb

if user.is? :admin
    can :all, :location 
end
if user.is? :titleclearing
    can :title_clearing, :location
end
if user.is? :acquisitions
    cannot :title_clearing, :location 
end

In the user model

def role?(role)
    roles.include? role.to_s
end
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    User proper CanCan convention:

    if user.is? :admin
  can :manage, Location
end

    Or, you can manage all:

    can :manage, :all
    • 0