I'm trying to figure out how to stop users from editing or deleting other users' information. I've used Devise to set up the users, so I don't have a users controller. The Users Policy is below.

class PostPolicy < ApplicationPolicy
  def index?
    true
  end

  def create?
    user.present?
  end

  def update?
    user.present? && user == post.user
  end

  def destroy?
    user.present? && user == post.user
  end

  private

  def post
    record
  end
end

I managed to stop other users from deleting or editing posts that weren't theirs, but I'm not sure how to do this without a users controller. I can't find the code in the Devise gem to see what the controller is doing behind the scenes, so I'm not sure how to change its methods without breaking something else Devise does!

Any help is greatly appreciated.

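Added example, not part of the original post: the same ownership check as the `PostPolicy` above, applied to the case where the record being authorized is itself a user. `UserPolicy`, the stand-in `ApplicationPolicy`, the `decisions` helper and the `Struct`-based `User` with its sample accounts are assumptions made so the snippet runs without Rails, Devise or Pundit installed.

```ruby
# Stand-in for the ApplicationPolicy that Pundit's generator creates
# (assumption: same user/record constructor), so this runs without Rails.
class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end
end

# Hypothetical UserPolicy: here the record being authorized is itself a User.
class UserPolicy < ApplicationPolicy
  def update?
    owner?
  end

  def destroy?
    owner?
  end

  private

  # Deny guests (nil user) and anyone who is not the account holder.
  def owner?
    !user.nil? && user == record
  end
end

# Constructed sample accounts; a Struct stands in for the Devise User model.
User = Struct.new(:id, :email)
ALICE = User.new(1, "alice@example.test")
BOB = User.new(2, "bob@example.test")

# Returns the policy decisions for `actor` acting on `target`.
def decisions(actor, target)
  policy = UserPolicy.new(actor, target)
  { update: policy.update?, destroy: policy.destroy? }
end

if __FILE__ == $PROGRAM_NAME
  p decisions(ALICE, ALICE) # account holder acting on own record
  p decisions(ALICE, BOB)   # signed-in user acting on someone else
  p decisions(nil, BOB)     # guest with no session
end
```

With Pundit, `authorize some_user` resolves to `UserPolicy` from the record's class, so any controller action that loads a user by id can be checked the same way the post actions are.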