After looking at the ability.rb. I have allowed the admins to manage everything (that part works) but how do I allow the user to just, view and edit their own Logg using cancan? At the moment the users cannot view anything at all, not even their own created logg. But admins can do everything.
class Logg < ActiveRecord::Base has_and_belongs_to_many :user end class User < ActiveRecord::Base devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable ROLES = %w[admin moderator author banned] has_and_belongs_to_many :logg end I have no User controller. I have the loggs controller: class LoggsController < ApplicationController before_action :set_logg, only: [:show, :edit, :update, :destroy] load_and_authorize_resource respond_to :html def index @loggs = Logg.all respond_with(@loggs) end def show respond_with(@logg) end def new @logg = Logg.new respond_with(@logg) end def edit end def create @logg = Logg.new(logg_params) @logg.save respond_with(@logg) end def update @logg.update(logg_params) respond_with(@logg) end def destroy @logg.destroy respond_with(@logg) end private def set_logg @logg = Logg.find(params[:id]) end def logg_params params.require(:logg).permit(:name, :date, :time, :whats_gone_well_this_week, :whats_not_gone_well_this_week, :learnt_anything_new, :what_would_you_like_to_improve, :anything_else) end end class Ability include CanCan::Ability def initialize(user) if user.nil? cannot :read, Logg elsif user.admin? can :manage, Logg else can :create, Logg, :user_id => user.id can :update, Logg, :user_id => user.id end end end -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/a70a3b2c7467d74e44571aed6efb03b0%40ruby-forum.com. For more options, visit https://groups.google.com/d/optout.