Accessing Devise helper methods from CanCan, etc_问答_开发者

Accessing Devise helper methods from CanCan, etc

开发者 https://www.devze.com 2023-01-26 17:03 出处：网络

This seems like an easy question that I just can\'t wrap开发者_开发技巧 my head around. Using Devise for authentication and CanCan for authorization on a new Rails 3 app.

This seems like an easy question that I just can't wrap开发者_开发技巧 my head around.

Using Devise for authentication and CanCan for authorization on a new Rails 3 app.

How can I access methods defined in ApplicationController within the Ability class that CanCan provides?

a.k.a., something like this:

class Ability

  include CanCan::Ability

  def initialize(user)

    user ||= User.new # Guest user.

    can :create, Post if user_signed_in?

  end
end

where user_signed_in? is defined in ApplicationController.

This might not be the answer you wanted, but it seems like you are wanting to mix code concerns that shouldn't be mixed.

Is it a good idea to access user_signed_in? inside your authorisation rules? ... Since authorisation is only concerned with what someone can do, and should not be concerned with if that someone is authenticated (or not).

A before filter (before_filter :authenticate_user!) on your Posts controller to check that your user is authenticated should be enough to do achieve your objective; Your authorisation rules can be run alongside the authentication check, rather than mixed up with it's code.

It's a layered approach :-)