I kept on simplifying the code to get to the root of the problem and it seems it won't work regardless of what I do.
in ability.rb can :manage, :all
so it's supposed to allow the user to do ANYTHING right? wrong!
if in users_controller.rb I tried working with nested resources, it ALWAYS gives me Access Denied error.
users_controller.rb load_resource :company load_resource :user, :through => :company
Try changing this to simply:
#users_controller.rb load_and_authorize_resource
I believe that will get all of the nested stuff automagically, you don't have to specify the relationship. After all, that's what your models are for.
Walter
Ok, I read the CanCan documentation more carefully and this jumped out the screen... "This will fetch the project using Project.find(params[:project_id]) on every controller action, save it in the @project instance variable..."
When I was going to /users the companies resource was empty and it would throw the Access Denied error unless I used shallow nesting (:shallow => true).
So I should've been going to /companies/45/users instead. Then companies get loaded as well as users. My problem with this is that it can only display users from a certain company.
I'm still not accomplishing what I want. Because the page should display all companies and all users under each company. I'm closer to finding the answer than I was before. I'll keep on trying.
Ok. This is the question I'm looking the answer for: how can I load and authorize the companies in the users_controller.rb file?
I already tried load_and_authorize_resource :company
@companies and @company are empty in the view.
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks