I have a cancan ability that says a user can create
a Message
if it's theirs
can [:create], [Message] do |message|
message.user_id == user.id && message.conversation.sender_id == user.id
end
This works as expected, but, surprisingly, this rspec test for whether the user can access the new
action for a message fails:
it 'A user should not be able to access their own message new action' do
expect(ability).to_not be_able_to(:new, message)
end
So the user can access the new
action for their message. Why is this? Does access to the create
action somehow imply access to new
as well? Or have I misinterpreted or made a mistake somewhere?
Yes :new
is an alias of :create
See here:
https://github.com/CanCanCommunity/cancancan/wiki/Action-Aliases