Question

For some reason, for a non-logged-in user, this code displays the HTML, but once Delete is clicked CanCan does not allow the action.

  <% if can? :destroy, @boat %>
    <%= link_to "", boat, method: :delete, data: { confirm: "You sure?" } %>
  <% end %>

How do I prevent the HTML from displaying?

  def initialize(user)
    user ||= User.new
    # Note: `user.email = 'test@test.io'` is an assignment, not a comparison (`==`);
    # it evaluates to the (truthy) string, so this branch is taken for every user.
    if user.admin? || user.email = 'test@test.io'
      can :manage, :all
    elsif user.manager?
      can :read, Boat
      can [:create, :read, :update], User
    else
      can :read, Boat
      can :create, User
    end
  end

Solution

Somehow the app was still detecting my email, even while logged out, and therefore giving me admin privileges!

Not sure how this is happening...
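To show where the admin grant for a logged-out visitor actually comes from, here is an added example (not code from the question, the answer, or the CanCan gem): a minimal stand-in for CanCan's `can`/`can?` that is just enough to run the posted `Ability` logic, with the `=` kept as posted beside the `==` version. The `User` and `MiniAbility` classes are constructed for this example.

```ruby
# Constructed stand-in for the app's User: a guest (User.new) has no email or roles.
class User
  attr_accessor :email, :admin, :manager
  def initialize(email: nil, admin: false, manager: false)
    @email, @admin, @manager = email, admin, manager
  end
  def admin?;   admin;   end
  def manager?; manager; end
end

# Constructed stand-in for CanCan::Ability: records (action, subject) grants and
# answers can? the way the view's `can? :destroy, @boat` helper would.
module MiniAbility
  def can(actions, subjects)
    Array(actions).product(Array(subjects)).each { |pair| rules << pair }
  end

  def can?(action, subject)
    rules.any? do |act, subj|
      (act == :manage || act == action) && (subj == :all || subj == subject)
    end
  end

  def rules
    @rules ||= []
  end
end

# The posted condition, kept as written: `user.email = 'test@test.io'` ASSIGNS the
# literal and evaluates to a truthy string, so every user (guest included) is admin.
class BuggyAbility
  include MiniAbility
  def initialize(user)
    user ||= User.new
    if user.admin? || user.email = 'test@test.io'
      can :manage, :all
    else
      can :read, :Boat
    end
  end
end

# Corrected: `==` compares instead of assigning, so a guest only gets :read on Boat.
class FixedAbility
  include MiniAbility
  def initialize(user)
    user ||= User.new
    if user.admin? || user.email == 'test@test.io'
      can :manage, :all
    else
      can :read, :Boat
    end
  end
end

# What the view's `can? :destroy, @boat` check returns for a logged-out user (nil).
def guest_can_destroy_boat?(ability_class)
  ability_class.new(nil).can?(:destroy, :Boat)
end

puts "as posted: guest can destroy? #{guest_can_destroy_boat?(BuggyAbility)}"  # true
puts "with ==:   guest can destroy? #{guest_can_destroy_boat?(FixedAbility)}"  # false
```

Assignment inside a condition is exactly the pattern linters such as RuboCop's Lint/AssignmentInCondition exist to flag; hard-coding a privileged email in the ability class is also worth replacing with a role on the user record.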

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow