After looking at the ability.rb, I have allowed the admins to manage everything (that part works), but how do I allow the user to just view and edit their own Logg using cancan? At the moment the users cannot view anything at all, not even their own created logg. But admins can do everything.

    class Logg < ActiveRecord::Base
      has_and_belongs_to_many :user
    end

    class User < ActiveRecord::Base
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable

      ROLES = %w[admin moderator author banned]

      has_and_belongs_to_many :logg
    end

I have no User controller. I have the loggs controller:

    class LoggsController < ApplicationController
      before_action :set_logg, only: [:show, :edit, :update, :destroy]
      load_and_authorize_resource

      respond_to :html

      def index
        @loggs = Logg.all
        respond_with(@loggs)
      end

      def show
        respond_with(@logg)
      end

      def new
        @logg = Logg.new
        respond_with(@logg)
      end

      def edit
      end

      def create
        @logg = Logg.new(logg_params)
        @logg.save
        respond_with(@logg)
      end

      def update
        @logg.update(logg_params)
        respond_with(@logg)
      end

      def destroy
        @logg.destroy
        respond_with(@logg)
      end

      private

      def set_logg
        @logg = Logg.find(params[:id])
      end

      def logg_params
        params.require(:logg).permit(:name, :date, :time,
                                     :whats_gone_well_this_week,
                                     :whats_not_gone_well_this_week,
                                     :learnt_anything_new,
                                     :what_would_you_like_to_improve,
                                     :anything_else)
      end
    end

    class Ability
      include CanCan::Ability

      def initialize(user)
        if user.nil?
          cannot :read, Logg
        elsif user.admin?
          can :manage, Logg
        else
          can :create, Logg, :user_id => user.id
          can :update, Logg, :user_id => user.id
        end
      end
    end
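
An added example, not part of the original question and not CanCan's own code: a plain-Ruby model of default-deny, per-record rules in which a non-admin can read and update only the loggs linked to them, while guests get nothing and admins get everything. The `OwnershipAbility` class, the `users` collection on `Logg`, and the nested `users: { id: ... }` condition are assumptions made for illustration.

```ruby
# Constructed stand-ins for the models; `users` models the many-to-many link.
User = Struct.new(:id, :role) do
  def admin?
    role == "admin"
  end
end
Logg = Struct.new(:id, :name, :users)

# Hypothetical default-deny rule set; a stand-in, not CanCan::Ability itself.
class OwnershipAbility
  def initialize(user)
    @rules = []
    return if user.nil? # guests get no rules, so every check is denied

    if user.admin?
      can(:manage, Logg)
    else
      can(:create, Logg)
      # Read and update only records whose users include this user.
      can(%i[read update], Logg, users: { id: user.id })
    end
  end

  # True only if some rule grants the action on this particular record.
  def can?(action, record)
    @rules.any? do |actions, klass, conditions|
      (actions.include?(:manage) || actions.include?(action)) &&
        record.is_a?(klass) && matches?(record, conditions)
    end
  end

  private

  def can(actions, klass, conditions = {})
    @rules << [Array(actions), klass, conditions]
  end

  # A nested hash must match at least one member of a collection attribute.
  def matches?(object, conditions)
    conditions.all? do |attr, expected|
      actual = object.public_send(attr)
      next(actual == expected) unless expected.is_a?(Hash)
      members = actual.is_a?(Array) ? actual : [actual]
      members.any? { |member| matches?(member, expected) }
    end
  end
end
```

The point to carry over is that the ownership condition is evaluated against each record on every action, so a user who guesses another logg's id is still denied.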