-
Notifications
You must be signed in to change notification settings - Fork 783
Action Aliases
You will usually be working with four actions when defining and checking permissions: :read
, :create
, :update
, :destroy
. These aren't the same as the 7 RESTful actions in Rails. CanCan automatically adds some convenient aliases for mapping the controller actions.
alias_action :index, :show, :to => :read
alias_action :new, :to => :create
alias_action :edit, :to => :update
Notice the edit
action is aliased to update
. This means if the user is able to update a record he also has permission to edit it. You can define your own aliases in the Ability
class.
class Ability
include CanCan::Ability
def initialize(user)
alias_action :update, :destroy, :to => :modify
can :modify, Comment
end
end
# in controller or view
can? :update, Comment # => true
You are not restricted to just the 7 RESTful actions, you can use any action name. See Custom Actions for details.
Please note that if you are changing the default alias_actions, the original actions associated with the alias will NOT be removed. For example, following statement will not have any effect on the alias :read, which points to :show and :index:
alias_action :show, :to => :read # this will have no effect on the alias :read!
If you want to change the default actions, you should use clear_aliased_actions method to remove ALL default aliases first.
This project is abandoned, see its successor: CanCanCan