Provides a simple integration between CanCan and Active Model Serializers.
Add this line to your application's Gemfile:
gem 'active_model_serializers-cancan'
And then execute:
$ bundle
Or install it yourself as:
$ gem install active_model_serializers-cancan
The `has_one` and `has_many` serializer macros now support an additional property, `authorize`. Associations with this property set to true will be authorized and filtered via CanCan. For example:
```ruby
class PostSerializer < ActiveModel::Serializer
  attributes :title, :content
  has_one :author, authorize: true
  has_many :comments, authorize: true
end
```
Serializers now also have access to the same helpers as controllers, namely `current_ability`, `can?`, and `cannot?`.
Use the `abilities` helper method to add an `abilities` key to the serialized data. For example:
```ruby
class PostSerializer < ActiveModel::Serializer
  attributes :id
  abilities :show, :update
end

@post.as_json # { id: 1, abilities: { show: true, update: false } }
```
If `:restful` is passed as an ability it will expand to the 7 default RESTful actions: `:index`, `:show`, `:new`, `:create`, `:edit`, `:update`, `:destroy`.
Abilities are checked by calling the `can_#{action}?` method. By overriding this method the result for the ability can be customized. For example:
```ruby
class PostSerializer < ActiveModel::Serializer
  attributes :id
  abilities :show

  # Custom check: :show is reported only once the wizard has started.
  def can_show?
    session[:wizard_started] && can?(:show, object)
  end
end
```
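The `:restful` expansion and the `can_#{action}?` override described above, modelled in plain Ruby as an added example (not the gem's own code, and it loads no gems). `SketchAbility`, `SketchSerializer`, `PostSketchSerializer`, the `Post`/`User` structs and the sample rules are hypothetical stand-ins for a CanCan ability and the serializer base class.

```ruby
# Plain-Ruby model of the behaviour described above; it loads no gems.
# SketchAbility / SketchSerializer are stand-ins, not CanCan or AMS classes.
RESTFUL = %i[index show new create edit update destroy].freeze
Post = Struct.new(:id, :author_id, :published)
User = Struct.new(:id)
class SketchAbility
  def initialize(user)
    @user = user
  end

  # Constructed rules: published posts are readable; only the author may change one.
  def can?(action, post)
    return true if post.author_id == @user.id
    %i[index show].include?(action) && post.published
  end
end

class SketchSerializer
  attr_reader :object, :current_ability
  singleton_class.send(:attr_reader, :ability_actions)

  def self.abilities(*actions)
    @ability_actions = actions.flat_map { |a| a == :restful ? RESTFUL : [a] }.uniq
    defaults = Module.new # default can_<action>? methods; a subclass `def` overrides them
    @ability_actions.each { |a| defaults.send(:define_method, "can_#{a}?") { can?(a, object) } }
    include defaults
  end

  def initialize(object, ability)
    @object = object
    @current_ability = ability
  end

  def can?(action, subject)
    current_ability.can?(action, subject)
  end

  def as_json
    flags = self.class.ability_actions.to_h { |a| [a, send("can_#{a}?") ? true : false] }
    { id: object.id, abilities: flags }
  end
end

class PostSketchSerializer < SketchSerializer
  abilities :restful

  def can_destroy? # override: even the author may delete drafts only
    !object.published && super
  end
end
```

The `abilities` hash is output for the client to render against; it does not replace the authorization check in the controller action itself.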