
Does granting cancan ability to create automatically imply access to new action?


I have a cancan ability that says a user can create a Message if it's theirs

can [:create], [Message] do |message|
  message.user_id == user.id && message.conversation.sender_id == user.id
end

This works as expected, but, surprisingly, this rspec test for whether the user can access the new action for a message fails:

it 'A user should not be able to access their own message new action' do
  expect(ability).to_not be_able_to(:new, message)
end

So the user can access the new action for their message. Why is this? Does access to the create action somehow imply access to new as well? Or have I misinterpreted or made a mistake somewhere?


Solution

  • Yes, :new is an alias of :create.

    See here:

    https://github.com/CanCanCommunity/cancancan/wiki/Action-Aliases
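
The alias expansion described in the answer, as an added example that is not part of the original post and is not CanCanCan's own code: a simplified model of how a rule for :create is stored together with :new, using the condition from the question. `MiniAbility`, `build_ability` and the sample structs are hypothetical names constructed for this illustration.

```ruby
# Simplified, constructed model of CanCanCan rule matching (not the gem's code).
class MiniAbility
  # Default aliases CanCanCan documents: read => index/show, create => new, update => edit.
  DEFAULT_ALIASES = { read: %i[index show], create: %i[new], update: %i[edit] }.freeze
  def initialize(aliases = DEFAULT_ALIASES)
    @aliases = aliases
    @rules = []
  end

  def can(actions, subject, &block)
    add_rule(true, actions, subject, block)
  end

  def cannot(actions, subject, &block)
    add_rule(false, actions, subject, block)
  end

  # The most recently defined matching rule decides; no match means denied.
  def can?(action, object)
    rule = @rules.reverse.find do |r|
      r[:actions].include?(action) && object.is_a?(r[:subject]) &&
        (r[:block].nil? || r[:block].call(object))
    end
    rule ? rule[:allow] : false
  end

  private
  # Each action is stored together with its aliases, so :create also covers :new.
  def add_rule(allow, actions, subject, block)
    expanded = Array(actions).flat_map { |a| [a, *@aliases.fetch(a, [])] }
    @rules << { allow: allow, actions: expanded, subject: subject, block: block }
  end
end

User = Struct.new(:id)
Conversation = Struct.new(:sender_id)
Message = Struct.new(:user_id, :conversation)
# The rule from the question; deny_new adds an explicit `cannot :new` after it.
def build_ability(user, aliases: MiniAbility::DEFAULT_ALIASES, deny_new: false)
  ability = MiniAbility.new(aliases)
  ability.can([:create], Message) do |m|
    m.user_id == user.id && m.conversation.sender_id == user.id
  end
  ability.cannot(:new, Message) if deny_new
  ability
end
USER = User.new(1)                          # constructed sample data
OWN  = Message.new(1, Conversation.new(1))  # a message owned by USER
```

In the gem itself, the two ways of separating the actions modelled here are a `cannot :new, Message` rule defined after the `can` rule, or calling `clear_aliased_actions` in the ability before defining rules. When writing authorization specs, assert on every aliased action a rule covers, not only the one named in the rule.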