Question

For some reason, for a non-logged-in user, this code displays the HTML, but once delete is clicked CanCan does not allow the action.

  <% if can? :destroy, @boat %>
    <%= link_to "", boat, method: :delete, data: { confirm: "You sure?" } %>
  <% end %>

How do I prevent the HTML from displaying?

  def initialize(user)
    user ||= User.new
    if user.admin? || user.email = 'test@test.io'
      can :manage, :all
    elsif user.manager?
      can :read, Boat
      can [:create, :read, :update], User
    else
      can :read, Boat
      can :create, User
    end
  end

Solution

Somehow the app was still detecting my email, even while logged out, and therefore giving me admin privileges!

Not sure how this is happening...
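
As an added example (not from the original post or the cancan gem), the following plain-Ruby stand-in for the Ability class shows why a guest ends up with :manage rights: in the posted condition, `user.email = 'test@test.io'` is an assignment, not a comparison, so the expression is always truthy. `User` and `MiniAbility` are constructed minimal replacements for the app's model and CanCan's DSL; `fixed_ability` is the same rule set with `==`.

```ruby
# Constructed stand-ins (not the cancan gem, not the original post's models).
User = Struct.new(:email, :role, keyword_init: true) do
  def admin?;   role == :admin;   end
  def manager?; role == :manager; end
end

# Minimal replacement for CanCan's Ability DSL: `can` records (action, subject)
# pairs; `can?` treats :manage and :all as wildcards, as cancan does.
class MiniAbility
  def initialize
    @rules = []
  end

  def can(actions, subjects)
    @rules.concat(Array(actions).product(Array(subjects)))
  end

  def can?(action, subject)
    [[action, subject], [:manage, subject], [action, :all], [:manage, :all]]
      .any? { |rule| @rules.include?(rule) }
  end
end

# Mirrors the posted condition. `user.email = 'test@test.io'` is an assignment,
# not a comparison: it overwrites the email and evaluates to the truthy string,
# so the :manage branch is taken for everyone, including the guest from User.new.
def buggy_ability(user)
  user ||= User.new
  ability = MiniAbility.new
  if user.admin? || user.email = 'test@test.io'
    ability.can :manage, :all
  else
    ability.can :read, :boat
  end
  ability
end

# Same rules with `==`: only admins and the allow-listed email get :manage;
# guests fall through to read-only access.
def fixed_ability(user)
  user ||= User.new
  ability = MiniAbility.new
  if user.admin? || user.email == 'test@test.io'
    ability.can :manage, :all
  else
    ability.can :read, :boat
  end
  ability
end
```

Because the buggy branch also mutates `user.email`, a logged-in non-admin would be rewritten to the allow-listed address as a side effect of the permission check.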

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow