0

How do I setup the proper permission level for this scenario with cancan?

Post has many Comments.

The post's author can delete any comment.

The comment's author can delete only his/her comment.

Currently I have:

authorize!(:remove_comment, @post)

and

can :remove_comment, Post, :user_id => user.id

Currently it only allows the post's author to delete the comment but I'd like the commenter to remove his/her own comment as well.

AdamT
  • 6,405
  • 10
  • 49
  • 75

1 Answers1

0

Couldn't you just do something like:

can :destroy, Comment, :user_id => user.id
Steve Rowley
  • 1,548
  • 1
  • 11
  • 18
  • with our setup here it turns out we had to override all the behavior: can do |action, subject_class, subject| # ... end – AdamT May 02 '12 at 15:32