Question
For some reason, for a non-logged-in user, this code displays the HTML, but once delete is clicked CanCan does not allow the action.
<% if can? :destroy, @boat %>
  <%= link_to "", boat, method: :delete, data: { confirm: "You sure?" } %>
<% end %>
How do I prevent the HTML from displaying???
def initialize(user)
  user ||= User.new
  if user.admin? || user.email = 'test@test.io'
    can :manage, :all
  elsif user.manager?
    can :read, Boat
    can [:create, :read, :update], User
  else
    can :read, Boat
    can :create, User
  end
end
Solution
Somehow the app was still detecting my email, even while logged out, and therefore giving me admin privileges!
Not sure how this is happening...
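The condition in the ability class above uses `=` (assignment) rather than `==` (comparison). The following added example, which is not part of the original post, reproduces that condition with a constructed stand-in `User` struct (an assumption, replacing the app's model and CanCan) to show that it is truthy for every non-admin user and writes the email onto the guest object:

```ruby
# Constructed stand-in for the app's User model (no ActiveRecord, no CanCan).
User = Struct.new(:email, :admin) do
  def admin?
    admin == true
  end
end

# Same condition as the ability class on the page. `user.email = '...'` is an
# assignment; it evaluates to the assigned string, which is truthy, so the
# first branch is taken for every user, including a logged-out guest.
def manage_all_as_written?(user)
  user ||= User.new
  if user.admin? || user.email = 'test@test.io'
    true
  else
    false
  end
end

# The same check written as a comparison. A guest has a nil email and no
# longer matches; only a real admin or the one named address does.
def manage_all_with_comparison?(user)
  user ||= User.new
  user.admin? || user.email == 'test@test.io'
end

if __FILE__ == $PROGRAM_NAME
  guest = User.new # what `user ||= User.new` yields for a logged-out visitor
  puts "as written, guest gets manage-all: #{manage_all_as_written?(guest)}"
  puts "guest email after the check:       #{guest.email.inspect}"

  fresh_guest = User.new
  puts "with ==, guest gets manage-all:    #{manage_all_with_comparison?(fresh_guest)}"
  puts "guest email after the check:       #{fresh_guest.email.inspect}"
end
```

Because the branch runs for guests as well, `can? :destroy, @boat` returns true in the view and the delete link is rendered for logged-out visitors.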