Can? method

After you define the Abilities, you can use the can? method to check a user's permissions for a given action and object in the controller or view. The can? method takes two parameters:

can? action, object

where action is an action defined in the Abilities class, including user-defined actions, and object is the instance or class being checked. For example:

can? :create, @project
Cannot? method

The cannot? method performs the opposite check of the can? method:

cannot? :destroy, @project
To check permissions for a class, use:
<% if can? :create, Project %>
<%= link_to "New Project", new_project_path %>
<% end %>
Note: If a hash of conditions exists for that action, a check against the class ignores those conditions and returns true. For example, if the permissions were set for Project as:

can :read, Project, :user_id => user.id

then the check

can? :read, Project

will return true. It is not possible to answer this can? question completely, because not enough detail is present: the Project class carries no user_id value to compare against. The check therefore only asks whether the user can read any project at all, and so it returns true. It is important to perform another check once an instance becomes available, so that the hash conditions are actually evaluated.

This is also what happens in the controller index action. Since the authorize_resource before filter has no instance to check on, it uses the Project class. If authorization failed at that point, it would be impossible to filter the results while fetching them. Therefore, passing a class to can? will always return true.
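As an added example (not CanCan's own code), the following small stand-in reproduces the class-versus-instance behaviour described above: hash conditions are skipped when a class is passed to can? and are compared against the instance's attributes otherwise. The User and Project structs, the Rule struct and the admin-only destroy rule are constructed for this example.

```ruby
# Constructed models standing in for ActiveRecord; not part of CanCan.
User    = Struct.new(:id, :admin)
Project = Struct.new(:id, :user_id)

# A rule records whether it grants (can) or denies (cannot) an action on a
# subject class, plus an optional hash of attribute conditions.
Rule = Struct.new(:base_behavior, :action, :subject, :conditions)

class Ability
  def initialize(user)
    @rules = []
    # Constructed abilities: a user may read only the projects they own;
    # only admins may destroy projects.
    can :read, Project, user_id: user.id
    can :destroy, Project if user.admin
  end

  def can(action, subject, conditions = {})
    @rules << Rule.new(true, action, subject, conditions)
  end

  def cannot(action, subject, conditions = {})
    @rules << Rule.new(false, action, subject, conditions)
  end

  # Accepts either a class (can? :read, Project) or an instance (can? :read, @project).
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    relevant = @rules.select { |r| r.action == action && r.subject == klass }
    # The rule defined last wins, so a later cannot overrides an earlier can.
    match = relevant.reverse.find { |r| conditions_match?(r, subject) }
    match ? match.base_behavior : false
  end

  def cannot?(action, subject)
    !can?(action, subject)
  end

  private

  def conditions_match?(rule, subject)
    # A class has no attribute values to compare, so the hash conditions are
    # skipped and the rule matches: this is why can? :read, Project is true.
    return true if subject.is_a?(Class)
    rule.conditions.all? { |attr, value| subject.public_send(attr) == value }
  end
end
```

The class check passes for every non-admin user, while the instance check fails for a project they do not own; that second check is the one the index action cannot perform until the records are loaded.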