
I am using the cancancan authentication mechanism in my Rails application. I want only users who are the owners of their own posts and comments to be able to edit and delete them, and the admin to manage everything. My admin ability is working fine, but the others are not working. Here is my ability.rb file:

    class Ability
      include CanCan::Ability

      def initialize(user)
        user ||= User.new # guest user

        if user.admin?
          can :manage, :all
        else
          can :read, :all
          can :create, Topic
          can :update, Topic do |topic|
            topic.try(:user) == user
          end
          can :delete, Topic do |topic|
            topic.try(:user) == user
          end
          can :delete, Comment do |comment|
            comment.try(:user) == user
          end
          # can :manage, Comment, :task => { :user_id => user.id }
          can :update, Comment do |comment|
            comment.try(:user) == user
          end
        end
      end
    end

What should I do in order to make it work properly? It's working properly for topics but not for comments.

This is the line in my topics controller:

    load_and_authorize_resource :topic
kali

1 Answer


If it is working for topics there must be something wrong with your comments model. Does the comments table have a user_id column that stores the author of the comment or any other way to check its ownership? It might be that comment.try(:user) returns nil and it then fails to give the users the right permissions.

FanaHOVA
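An added example, not part of the original answer and not CanCanCan's own code: a plain-Ruby model of the ownership checks discussed above, showing how `try` turns an unset author or a missing `user` association into a silent deny, and why an id comparison needs a nil guard when guests are built with `User.new`. The structs, `try_call`, the `owner_by_*` helpers and the sample records are assumptions constructed for illustration.

```ruby
# Plain-Ruby model of the ownership checks (no Rails or CanCanCan needed).
# All classes, records and helper names here are constructed for illustration.
User    = Struct.new(:id)
Comment = Struct.new(:id, :user_id, :user)   # has both column and association
NoAssoc = Struct.new(:id, :user_id)          # column exists, no `user` method

# Stand-in for ActiveSupport's Object#try: returns nil instead of raising
# when the receiver is nil or does not respond to the method.
def try_call(obj, meth)
  obj.respond_to?(meth) ? obj.public_send(meth) : nil
end

# Block form used in the question: record.try(:user) == user
def owner_by_object?(user, record)
  try_call(record, :user) == user
end

# Id comparison with no guard: a guest (id nil) equals an authorless record.
def owner_by_id_unguarded?(user, record)
  try_call(record, :user_id) == user.id
end

# Id comparison that refuses to match when the user has no id.
def owner_by_id?(user, record)
  !user.id.nil? && owner_by_id_unguarded?(user, record)
end

ALICE = User.new(1)
GUEST = User.new(nil)                        # like `user ||= User.new`
OWNED    = Comment.new(10, 1, ALICE)         # author set correctly
ORPHAN   = Comment.new(11, nil, nil)         # saved without an author
NO_ASSOC = NoAssoc.new(12, 1)                # model lacks the association

# Returns one row per record: which check grants the user ownership.
def ownership_report(user)
  { owned: OWNED, orphan: ORPHAN, no_assoc: NO_ASSOC }.transform_values do |rec|
    { object: owner_by_object?(user, rec),
      id: owner_by_id?(user, rec),
      id_unguarded: owner_by_id_unguarded?(user, rec) }
  end
end

if __FILE__ == $PROGRAM_NAME
  { "alice" => ALICE, "guest" => GUEST }.each do |name, user|
    ownership_report(user).each { |rec, row| puts "#{name} #{rec}: #{row}" }
  end
end
```

In the `no_assoc` row the block-style check denies the real author because `try` hides the missing method, which looks the same from the outside as a permission failure.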