Skip to content
David Cook edited this page Jan 12, 2024 · 2 revisions

Users have permission to view and update resources based on certain rules.

Generally, these rules are defined in the Permissions class, which provides methods to retrieve data based on the current user's permissions.

An additional layer is provided by the gem CanCanCan, which has rules defined in the Ability class. Many of these rules use Permissions or other scopes to check access. The ResourceController automatically checks for permission on each action, and can be called directly for a class or instance like so:

can?(:admin, EnterpriseFee) && can?(:manage_enterprise_fees, enterprise)

See the CanCanCan readme for more details.

See also

Permissions are described in the user guide:

Clone this wiki locally