Proper way to use CanCan+Rolify on Rails 4

74 views Asked by At

I am just wondering what is the proper way to use CanCan+Rolify in the simplest and most effective way.

I was under the impression that if I had an Ability model like below

user ||= User.new # guest user (not logged in)
if user.admin?
  can :manage, :all
else
  can :read, :all
end

And I have a resource, let`s say, Product that has

resourcify

declared, that a user that does not have the :admin role, would not be able to Create, Update or Delete such resource...

But it seems that more code is necessary to implement this behaviour, because I tested and a non :admin user IS able to delete and create a Product.

What am I missing?

1

There are 1 answers

2
pavjel On BEST ANSWER

Try to set load_and_authorize_resource to your Products controller (assuming that you want to make Products CRUDable only by certain roles of users).