{"id":2640,"date":"2022-08-30T15:26:33","date_gmt":"2022-08-30T15:26:33","guid":{"rendered":"https:\/\/unknownerror.org\/index.php\/2014\/02\/04\/cancan-authorizing-child-state-collection-of-common-programming-errors\/"},"modified":"2022-08-30T15:26:33","modified_gmt":"2022-08-30T15:26:33","slug":"cancan-authorizing-child-state-collection-of-common-programming-errors","status":"publish","type":"post","link":"https:\/\/unknownerror.org\/index.php\/2022\/08\/30\/cancan-authorizing-child-state-collection-of-common-programming-errors\/","title":{"rendered":"Cancan authorizing child state-Collection of common programming errors"},"content":{"rendered":"<p>My setup: Rails 3.0.9, Ruby 1.9.2, Cancan 1.6.5<\/p>\n<p>My models:<\/p>\n<pre><code>class User &lt; ActiveRecord::Base\n  has_many :projects\nend\n\nclass Project &lt; ActiveRecord::Base\n  has_many :tasks\n  belongs_to :user\nend\n\nclass Task &lt; ActiveRecord::Base\n  belongs_to :project\nend\n<\/code><\/pre>\n<p>ability.rb<\/p>\n<pre><code># In Ability#initialize(user): manage tasks whose project belongs to the user\ncan :manage, Task, :project =&gt; { :user_id =&gt; user.id }\n<\/code><\/pre>\n<p>What I need is to only allow access to a <code>task<\/code> if <code>user<\/code> and <code>project<\/code> are authorized and <code>project<\/code> has a certain status determined by a <code>project<\/code> instance method like <code>active?<\/code> (I have a reason for not making it just an attribute). What&#8217;s the syntax for specifying the ability?<\/p>\n<p id=\"rop\"><small>Originally posted 2014-02-04 12:03:40. 
<\/small><\/p>","protected":false},"excerpt":{"rendered":"<p>My setup: Rails 3.0.9, Ruby 1.9.2, Cancan 1.6.5 My models: class User has_many :projects class Project has_many :tasks belongs_to :user class Task belongs_to :project ability.rb can :manage, Task, :project =&gt; { :user_id =&gt; user.id } What I need is to only allow access to a task if user and project are authorized and project has [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2640","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/2640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=2640"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/2640\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=2640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=2640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=2640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}