I kept on simplifying the code to get to the root of the problem and it
seems it won't work regardless of what I do.
can :manage, :all
so it's supposed to allow the user to do ANYTHING right? wrong!
if in users_controller.rb I tried working with nested resources, it
ALWAYS gives me Access Denied error.
load_resource :user, :through => :company
Try changing this to simply:
I believe that will get all of the nested stuff automagically, you don't have to specify the relationship. After all, that's what your models are for.
Ok, I read the CanCan documentation more carefully and this jumped out
"This will fetch the project using Project.find(params[:project_id]) on
every controller action, save it in the @project instance variable..."
When I was going to /users the companies resource was empty and it would
throw the Access Denied error unless I used shallow nesting (:shallow =>
So I should've been going to /companies/45/users instead. Then companies
get loaded as well as users. My problem with this is that it can only
display users from a certain company.
I'm still not accomplishing what I want. Because the page should display
all companies and all users under each company. I'm closer to finding
the answer than I was before. I'll keep on trying.
Ok. This is the question I'm looking the answer for: how can I load and
authorize the companies in the users_controller.rb file?
I already tried load_and_authorize_resource :company
@companies and @company are empty in the view.