CanCan does not allow a nested resource

Question

CanCan does not allow a nested resource

I have a Ticket model and a TicketReply model:

class Ticket < ActiveRecord::Base has_many :replies, :class_name => "TicketReply" end class TicketReply < ActiveRecord::Base belongs_to :ticket, :class_name => "Ticket" end

Here is my list of abilities:

 class Ability include CanCan::Ability def initialize(user) can :manage, Ticket, :userid => user.id can :manage, TicketReply, :ticket => { :userid => user.id } end end

And finally, my TicketRepliesController:

 class TicketRepliesController < AuthorizedController load_and_authorize_resource :ticket load_and_authorize_resource :ticket_reply, :through => :ticket def create if @ticket_reply.valid? # ... else # ... end end end

However, every time I try to create a response to a ticket, I get an unauthorized message: "You do not have access to this page."

EDIT : I can access Ticket itself through the TicketsController .

Any idea what I am missing?

+4

ruby-on-rails-3 cancan

kolrie Dec 22 '11 at 18:03

source share

1 answer

clyfe · Answer 1 · 2011-12-22T19:20:29+0000

In the controller new and create actions, you need to associate your new entry with the current_user tag

 class TicketRepliesController < AuthorizedController ... whatever code you have protected # override to do the wireing def build_resource resource = super resource.userid = current_user.id # wired! resource end end

Now CanCan will see the link and allow it!

CanCan does not allow a nested resource

More articles: