friendly_id: friendly scope does not work if load_and_authorize_resource before_action of CanCan exists

Hi,

I’m using Rails 4, Devise, CanCanCan and friendly_id.

I have a controller called episodes_controller.rb and it’s protected by Devise and CanCan. I’m just trying to browse Edit page of an episode which has friendly_id slug set up, and I get this error:

Couldn't find Episode with id=episode-slug

In the meantime, my edit method looks like this:

def edit
    @episode = Episode.friendly.find(params[:id])
  end

I’ve realized that this behavior doesn’t happen as I remove the load_and_authorize_resource before action which comes with CanCan. When I comment out load_and_authorize_resource, the episode with the slug is found and edit page appears as it supposed to be.

Another interesting thing: When I add :finders to my use array in my Episode model, and change Episode.friendly.find(params[:id]) with Episode.find(params[:id]) everything works as expected.

So it’s clear that there is something wrong with friendly scope of friendly_id gem and CanCan’s load_and_authorize_resource method.

Is this a bug or am I doing something wrong?

Thank you

About this issue

  • Original URL
  • State: closed
  • Created 10 years ago
  • Reactions: 2
  • Comments: 17 (1 by maintainers)

Most upvoted comments

Hi,

didn’t test it, but seems like a prettier solution for CanCanCan working with friendly_id:

load_and_authorize_resource :find_by => :slug

found it here.

+65
mrusa on Jul 23, 2014

Don’t use load_and_authorize_resource, it assumes the most simple setup and do `Episode.find(params[:id]) Do something like this instead:

def edit
  @episode = Episode.friendly.find(params[:id])
  authorize! :edit, @episode
end

Example from here

+6
PikachuEXE on Apr 8, 2014

@xymbol You right, passing just instance is ok.

+1
1v on Apr 8, 2017
Read more comments on GitHub
← friendly_id: Breaks validates uniqueness: true
nornir: Serialization in grouped tasks breaks when using click →