Answer the question
In order to leave comments, you need to log in
Why can't I access some pages?
I use cancancan for authorization and devise for authentication.
class Ability
include CanCan::Ability
def initialize(user)
can :read, :all
if user && user.role?(:admin)
can :access, :rails_admin
can :dashboard
can :manage, :all
elsif user && user.role?(:user)
can :create, [Post, Comment]
can :update, Post, user_id: user.id
can :update, User, id: user.id
can [:update, :destroy], Comment, user_id: user.id
elsif user && user.role?(:moderator)
can [:create, :update, :destroy], [Post, Comment]
end
end
end
class PostsController < ApplicationController
before_action :authenticate_user!, except: [:index, :show]
load_and_authorize_resource
def index
@posts = Post.all.order('created_at DESC')
end
def withtag
if params[:tag]
@posts = Post.tagged_with(params[:tag]).order('created_at DESC')
@tagname = params[:tag]
@tag = Tag.find_by_name(params[:tag])
end
end
def usernews
@posts = []
allPosts = Post.all.order('created_at DESC')
userTags = current_user.subscribed_tags.map(&:name)
allPosts.each do |post|
postTags = post.tag_list.split(',')
userTags.each do |tag|
if postTags.include?(tag)
@posts.push(post)
break
end
end
end
end
def userposts
@user = User.find(params[:id])
@posts = Post.where(user_id: @user.id).order('created_at DESC')
end
def new
@post = Post.new
end
def create
@post = current_user.posts.build(post_params)
@post.user_id = current_user.id
if @post.save
redirect_to @post
else
render 'new'
end
end
def show
@post = Post.find(params[:id])
end
def edit
@post = Post.find(params[:id])
end
def update
@post = Post.find(params[:id])
if @post.update(post_params)
redirect_to @post
else
render 'edit'
end
end
def destroy
@post = Post.find(params[:id])
@post.destroy
redirect_to root_path
end
private
def post_params
params.require(:post).permit(:title, :body, :image, :tag_list)
end
end
You are not authorized to access this page
can :manage, :all
Answer the question
In order to leave comments, you need to log in
You don't have a policy for these methods in ability.rb
Something like this:
# ability.rb
...
elsif user && user.role?(:user)
...
can :read, :tags
# posts_controller.rb
def withtag
authorize! :read, :tags
if params[:tag]
@posts = Post.tagged_with(params[:tag]).order('created_at DESC')
@tagname = params[:tag]
@tag = Tag.find_by_name(params[:tag])
end
end
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question