class Ability include CanCan Ability def initialize user user User new

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
if user.has_role? :admin
can :manage, :all
if !user.has_role? :dir
cannot :manage, Penalty
end
else
can :read, Penalty
can :read, Output
can: read, write, Comment
end
end
end