class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
can [:read, :home, :history, :show_cameras], :all
if user.role == 'root'
can :manage, :all
elsif user.role == 'admin'
can :manage, [Site, Camera, Sensor, Article]
can [:edit, :update], User
end
end
end
在需要控制的controller里加load_and_authorize_resource