how grant permission edit/ destroy links on by-user basis in user index of rails?
i'm using rails3, devise , cancan define role based abilities.
i'd current user able see , access link edit/delete profile in user index page. should not able see or access these links other users.
i've set following in index view:
<% if can? :update, @user %> <%= link_to 'edit', edit_user_registration_path(@user) %> | <% end %> and in abilities.rb
def initialize(user) can :update, user, :id => user.id if user.role? :super_admin can :manage, :all end end my superadmin can see , edit links users in index.
my user can see links no one, not themselves.
the more read around more confused get, devise, cancan , user model playing role.
i'd appreciate confirmation i'm on right track, , grateful pointers towards useful information me understand this.
many thanks
in abilities.rb
can :manage, user |u| u.id == user.id end if want go id.
your view looks me.
Comments
Post a Comment