CanCanCan gives you the possibility to define actions on single instances' attributes.
Given you want users to only read a user first name and last name you can define:
can :read, User, [:first_name, :last_name]and check it with:
can? :read, @user, :first_nameYou can also ask for all the allowed attributes:
current_ability.permitted_attributes(:read, @user)
#=> [:first_name, :last_name]This can be used, for example, to display a form:
current_ability.permitted_attributes(:read, @book).each do |attr|
= form.input attror in Strong Parameters:
params
.require(:book)
.permit(current_ability.permitted_attributes(:read, @book))