CanCan issue when being very specific

So I got CanCan and Devise working well. I have two types of users:
Admins and Nonadmins. Admins can edit all of the Nonadmins' profiles.

The problem is, every user (either Admin or Nonadmin) belongs to an
Account or Organization. Admins should only be able to edit users from
their own Account or Organization. I was able to do that too.

The problem is, I can't display the Create New User link. It seems
everything is correct but I must be doing something wrong.

HERE IS ABILITY.RB

What message are you getting?

Nothing, the New User link is just not displaying.

According to the wiki… https://github.com/ryanb/cancan/wiki/Checking-Abilities

I think you may need to change the object that can? is evaluating from the @user variable to the class User like so:

<% if can? :create, User %>
  <%= link_to 'New User', new_user_path %>
<% end %>

This would allow an admin to create any user regardless of the account it belongs to, and that is not what he wants.

What I have noticed is that CanCan is very picky when you specify an action, so try using others that have the same effect, like write.

<% if can? :write, @user %>

Awesome! Thanks, I hadn't read that info. Works great :)

What do you mean? What does *write* do? I have been searching for a list
of abilities but haven't found one. All I see is that they use the 7
RESTful resources. Can you point me to a list of abilities that work
with CanCan?

Hmm.. I'm in your same situation.

In your code:
<% if can? :create, @user %>
I believe that @user is nil, so when your Ability.rb tries to
read :account_id, it returns nil, and it is never == user.account_id,
thus your link is not displayed.
I don't know if it's the correct solution, but I'm adding new
abilities.

In your case, you could use a create_user ability, and check it
against the Account in question.

So in Ability.rb:
if user.role == "admin"
  # Custom action checked against the Account, not the User
  can :create_user, Account do |acc|
    acc.id == user.account_id
  end
end

And in your view:
link_to "New user", .... if can? :create_user, account # you have to set the account variable somewhere.

Note that you don't have to "create" the :create_user ability. You can
just use it.

FWIW, these are the only actions included by default in CanCan
(no :write!)

alias_action :index, :show, :to => :read
alias_action :new, :to => :create
alias_action :edit, :to => :update

I wish there were some DSL for this.
I'd like to, for example, use this in my view:

if can? :create, User :on => @account

But I think the example I gave you previously achieves the same
functionality.
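
Added example, not part of any post in this thread and not CanCan's own code: a simplified stand-in for CanCan's rule matching that runs without the gem and compares the checks discussed above (a nil `@user`, the `User` class, a `User` instance, and the custom `:create_user` action on an `Account`). `MiniAbility`, the two structs and the sample data are assumptions made for illustration.

```ruby
# Simplified stand-in for CanCan's rule matching (an assumption, not the gem's code).
User    = Struct.new(:role, :account_id)
Account = Struct.new(:id)

class MiniAbility
  def initialize(user)
    @rules = []
    return unless user.role == "admin"
    # Account-scoped rules, mirroring the ones discussed in the thread.
    can(:create, User)         { |u| u.account_id == user.account_id }
    can(:create_user, Account) { |acc| acc.id == user.account_id }
  end

  def can(action, klass, &block)
    @rules << [action, klass, block]
  end

  def can?(action, subject)
    @rules.any? do |rule_action, klass, block|
      next false unless rule_action == action
      if subject == klass
        true                 # class-level check: the block is skipped, as the
                             # Checking Abilities wiki page documents
      elsif subject.is_a?(klass)
        block.call(subject)  # instance check: the account condition runs
      else
        false                # nil or an unrelated object matches no rule
      end
    end
  end
end

# Constructed sample data: an admin who belongs to account 1.
ADMIN   = User.new("admin", 1)
ABILITY = MiniAbility.new(ADMIN)

if __FILE__ == $PROGRAM_NAME
  puts ABILITY.can?(:create, nil)                    # @user never assigned
  puts ABILITY.can?(:create, User)                   # class check, condition skipped
  puts ABILITY.can?(:create, User.new("member", 2))  # record built for another account
  puts ABILITY.can?(:create_user, Account.new(1))    # custom action on own account
end
```

The class-level check only decides whether the link is shown; the account condition is evaluated only when an instance is passed, so the create action still has to authorize the record it builds.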