InheritedResources/CanCan issue

Question

CanCan behaves really strange with index action in controller while using InheritedResouces. If i have

can :read, Question do |question|
  false
end

in ability.rb - it grants access to the action despite on block's returning value. If i remove this line - "You are not authorized to access this page.". Controller code below:

# encoding: utf-8
class QuestionsController < InheritedResources::Base
  actions :all, :except => [:edit, :update]

  before_filter :authenticate_user!,  :except => [:show]
  load_and_authorize_resource         :except => [:show]
end

Answer 1

I'm not really sure but try with:

class QuestionsController < InheritedResources::Base
  actions :index, :new, :create, :destroy, :show
  ...

There was a bug some time ago with :except. https://github.com/railsbp/rails_best_practices/issues/66.

Try updating InheritedResources gem.