CanCan issue when being very specific

So I got CanCan and Devise working well. I have two types of users: Admins and Nonadmins. Admins can edit all of the Nonadmins' profiles.

The problem is, every user (either Admin or Nonadmin) belongs to an Account or Organization. Admins should only be able to edit users from their own Account or Organization. I was able to do that too.

The problem is, I can't display the Create New User link. It seems everything is correct but I must be doing something wrong.

HERE IS ABILITY.RB

What message are you getting?

Nothing, the New User link is just not displaying.

According to the wiki… https://github.com/ryanb/cancan/wiki/Checking-Abilities

I think you may need to change the object that can? is evaluating from the @user variable to the class User like so:

<% if can? :create, User %>
  <%= link_to 'New User', new_user_path %>
<% end %>

This would allow an admin to create any user regardless of the account it belongs to, and that is not what he wants.

What I have noticed is that CanCan is very picky when you specify an action, so try using others that have the same effect, like write.

<% if can? :write, @user %>

Awesome! Thanks, I hadn't read that info. Works great :slight_smile:

What do you mean? What does *write* do? I have been searching for a list of abilities but haven't found one. All I see is that they use the 7 RESTful resources. Can you point me to a list of abilities that work with CanCan?

Hmm.. I'm in your same situation.

In your code: <% if can? :create, @user %> I believe that @user is nil, so when your Ability.rb tries to read :account_id, it returns nil, and it is never == user.account_id, thus your link is not displayed. I don't know if it's the correct solution, but I'm adding new abilities.

In your case, you could use a create_user ability, and check it against the Account in question.

So in Ability.rb:

if user.role == "admin"
  # Custom action, checked against the Account rather than a User
  can :create_user, Account do |acc|
    acc.id == user.account_id
  end
end

And in your view: link_to "New user", .... if can? :create_user, account # you have to set the account variable somewhere.

Note that you don't have to "create" the :create_user ability. You can just use it.

FWIW, these are the only actions included by default in CanCan (no :write!)

alias_action :index, :show, :to => :read
alias_action :new, :to => :create
alias_action :edit, :to => :update

I wish there were some DSL for this. I'd like to, for example, use this in my view:

if can? :create, User :on => @account

But I think the example I gave you previously achieves the same functionality.
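The behaviour discussed in this thread, as an added example (not code from any poster and not CanCan itself): a simplified stand-in for CanCan's rule matching, showing that a nil subject matches no rule, that a class subject skips the block (as the Checking Abilities wiki page states), and that an instance or the custom :create_user action enforces the account check. MiniAbility, the structs and the sample roles and ids are constructed for illustration.

```ruby
# Simplified stand-in for CanCan-style rule matching (assumption: not CanCan's code).
User    = Struct.new(:role, :account_id)
Account = Struct.new(:id)

class MiniAbility
  # Default aliases quoted in the thread: there is no :write.
  ALIASES = { read: [:index, :show], create: [:new], update: [:edit] }.freeze

  def initialize(user)
    @rules = []
    return unless user.role == "admin"
    # Rule described in the question: admins create users in their own account only.
    can(:create, User) { |u| u.account_id == user.account_id }
    # Custom action suggested in the thread, checked against the Account.
    can(:create_user, Account) { |acc| acc.id == user.account_id }
  end

  def can(action, klass, &block)
    @rules << [[action, *ALIASES.fetch(action, [])], klass, block]
  end

  def can?(action, subject)
    @rules.any? do |actions, klass, block|
      next false unless actions.include?(action)
      if subject.is_a?(Class)      # class given: the block is skipped
        subject <= klass
      elsif subject.is_a?(klass)   # instance given: the block decides
        block.nil? || block.call(subject)
      else
        false                      # nil (an unset @user) matches no rule
      end
    end
  end
end

def demo
  ability = MiniAbility.new(User.new("admin", 1))   # constructed admin in account 1
  {
    nil_user:      ability.can?(:create, nil),
    user_class:    ability.can?(:create, User),
    own_account:   ability.can?(:create, User.new("member", 1)),
    other_account: ability.can?(:create, User.new("member", 2)),
    custom_own:    ability.can?(:create_user, Account.new(1)),
    custom_other:  ability.can?(:create_user, Account.new(2)),
    non_admin:     MiniAbility.new(User.new("member", 1)).can?(:create, User)
  }
end
```

Hiding the link is only presentation: the create action on the server has to run the same account check against the record being built, since the class-level check passes for every admin.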