CanCan Checking Destroy Abilities

Posted on

Have you ever noticed that CanCan does not perform the ability check on the destroy action of the controllers, even if you authorize_resource ?

You need to add, inside your destroy action, an explicit authorization check, just like:

def destroy
  authorize! :destroy, @event
  ...
end

Check the link for more info:
https://github.com/ryanb/cancan/issues/626

Leave a Reply

Your email address will not be published.