I am using the CanCan authorization plugin (http://github.com/ryanb/cancan) for my application and it has worked great so far. I had it set like the following:
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user
    if user.role == "admin"
      can :manage, :all
    else
      can :read, :all
    end
  end
end
This allows me to designate some users Admins and only they can access write functions. Now I want to take it another step and make it so people who are not logged in at all (current_user/user_session does not exist) cannot access some controllers of the site. I know it should be some sort of elsif with the middle part of the code for the user and the final else for everyone else. However, I have not been able to figure out the best way to go about setting this up. Is anyone familiar with CanCan and has some ideas on how to best approach this type of situation?
Thanks guys, every bit helps me learn more about rails and development in general!
I'm not quite familiar with CanCan, but this kind of logic belongs inside the specific controller. This is an extract of how I do it. I'm sure you get the point and can abstract it onto CanCan.
class ItemsController < ApplicationController
  before_filter :login_required
  # or if you only want to restrict it to some actions etc
  # before_filter :login_required, :except => [:show]
  # or
  # before_filter :login_required, :only => [:edit]
end

class ApplicationController < ActionController::Base
  protected

  def login_required
    # Assumes current_user always returns an object (a guest object for
    # anonymous visitors) that answers logged_in?, and that access_denied!
    # is the application's own helper that halts the request.
    access_denied! unless current_user.logged_in?
  end
end
CanCan is for authorization not authentication. There's a difference ;)
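The guest / logged-in / admin split the question asks for, with the authentication check kept separate from the authorization rules as the answer suggests, as an added example that is not code from the question, the answer, or the CanCan gem. To run without Rails or the gem, `MiniAbility` is a minimal stand-in for CanCan's `can`/`can?` DSL (only `:manage` and `:all` are modelled), and `User`, `Item`, `Report`, `AccessDenied`, `authorize!` and `access_result` are constructed names for the illustration:

```ruby
# Added example: a minimal stand-in for CanCan's rule DSL (not the real gem)
# so the three-tier Ability below runs as plain Ruby.
class MiniAbility
  def initialize
    @rules = []
  end

  # Record a rule; :manage stands for every action, :all for every subject.
  def can(action, subject)
    @rules << [action, subject]
  end

  # True if any recorded rule covers this action on this subject.
  def can?(action, subject)
    @rules.any? do |rule_action, rule_subject|
      (rule_action == :manage || rule_action == action) &&
        (rule_subject == :all || rule_subject == subject)
    end
  end

  def cannot?(action, subject)
    !can?(action, subject)
  end
end

# Constructed models standing in for the application's own.
User = Struct.new(:name, :role)
class Item; end
class Report; end

# The guest / logged-in user / admin split. A guest is represented by nil
# rather than a blank User so "not logged in" and "logged in without a role"
# stay distinguishable in the rules.
class Ability < MiniAbility
  def initialize(user)
    super()
    if user.nil?
      can :read, Item            # guests: public items only (constructed policy)
    elsif user.role == "admin"
      can :manage, :all          # admins: everything
    else
      can :read, :all            # any other logged-in user: read everything
    end
  end
end

class AccessDenied < StandardError; end

# Controller-style guard doing both checks in order: authentication first
# (is anyone logged in at all?), then authorization (may this user do this?).
# In Rails the first check is the before_filter from the answer; the second
# is what an ability check in the controller does.
def authorize!(user, action, subject, require_login: false)
  raise AccessDenied, "login required" if require_login && user.nil?
  raise AccessDenied, "not authorized" unless Ability.new(user).can?(action, subject)
  true
end

# Same guard, but reports the outcome as a value instead of raising.
def access_result(user, action, subject, require_login: false)
  authorize!(user, action, subject, require_login: require_login)
  :ok
rescue AccessDenied => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  guest  = nil
  member = User.new("alice", "member")
  admin  = User.new("root", "admin")
  p access_result(guest,  :read,    Item)                       # :ok
  p access_result(guest,  :read,    Item, require_login: true)  # "login required"
  p access_result(member, :update,  Report)                     # "not authorized"
  p access_result(admin,  :destroy, Report)                     # :ok
end
```

The two failures are deliberately distinct: a guest hitting a login-only controller is turned away before any rule is consulted (authentication), while a logged-in member trying to update is turned away by the rules (authorization). Keeping them separate makes it clear which check a given 403 came from.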