Question

For some reason, for a non-logged-in user, this code displays the HTML, but once delete is clicked CanCan does not allow the action.

```erb
<% if can? :destroy, @boat %>
  <%= link_to "", boat, method: :delete, data: { confirm: "You sure?" } %>
<% end %>
```

How do I prevent the HTML from displaying?

```ruby
def initialize(user)
  user ||= User.new
  if user.admin? || user.email = 'test@test.io' # note: '=' here is assignment, not '=='
    can :manage, :all
  elsif user.manager?
    can :read, Boat
    can [:create, :read, :update], User
  else
    can :read, Boat
    can :create, User
  end
end
```

Solution

Somehow the app was still detecting my email, even while logged out, and therefore giving me admin privileges!

Not sure how this is happening...
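The behaviour described in the question and the answer (a logged-out visitor treated as admin) comes from `user.email = 'test@test.io'` in the ability class: a single `=` assigns the address to the guest user and returns it, so the condition is truthy for everyone. As an added example (not code from the post or from CanCan), a minimal stand-in for CanCan's `can`/`can?`, with a constructed `User` struct and `Boat` class, shows what a guest can do under the original condition and under `==`.

```ruby
# Minimal stand-in for the parts of CanCan's Ability DSL used in the question
# (CanCan itself is not loaded). User, Boat and the guest user are constructed here.
User = Struct.new(:email, :role) do
  def admin?;   role == :admin;   end
  def manager?; role == :manager; end
end
class Boat; end

class Ability
  # fixed: false reproduces the question's condition; fixed: true uses `==`.
  def initialize(user, fixed: true)
    @rules = []
    user ||= User.new(nil, :guest)            # guest user, as in the CanCan convention
    special = if fixed
                user.email == 'test@test.io'  # comparison: true only for that address
              else
                user.email = 'test@test.io'   # assignment: returns the string, always truthy
              end
    if user.admin? || special
      can :manage, :all
    elsif user.manager?
      can :read, Boat
      can [:create, :read, :update], User
    else
      can :read, Boat
      can :create, User
    end
  end

  # Record each (action, subject) pair, like CanCan's `can`.
  def can(actions, subject)
    Array(actions).each { |action| @rules << [action, subject] }
  end

  # Answer the view's `can? :destroy, @boat`: :manage matches every action,
  # :all matches every subject, otherwise action and class must both match.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, rule_subject|
      (rule_action == :manage || rule_action == action) &&
        (rule_subject == :all || rule_subject == klass)
    end
  end
end

# Guest (nil user) under the original condition vs. the corrected one.
def guest_can_destroy_boat?(fixed:)
  Ability.new(nil, fixed: fixed).can?(:destroy, Boat.new)
end
```

With `fixed: false` the guest gets `:manage, :all`, which is exactly why the delete link rendered for a logged-out visitor.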

Licensed under: CC-BY-SA with attribution