ruby-on-rails devise cancancan

Rails cancancan: user sees own orders, admin can see all users' orders


controller.rb

    load_and_authorize_resource

    # GET /orders or /orders.json
    def index
      if params[:user_id]
        @orders = current_user.orders
      else
        @orders = Order.all
      end
    end

ability.rb

    if user.user_role?

      can :manage, Order, :user_id => user.id

    end

I'm trying to get normal users to see only their own orders/posts, while admin-role users can see all users' posts/orders.

What am I missing? I'm using cancancan and devise.


Solution

  • I figured it out:

      def index
        if current_user.superadmin_role?
          @orders = Order.all
        else
          @orders = current_user.orders
        end
      end
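
The difference between the two `index` actions above, as an added plain-Ruby example (not code from the question or the answer): it models each action as a function of the signed-in user and the request parameters, then checks which requests return another user's orders. `User`, `Order`, `ORDERS`, the ids and the helper names are constructed for illustration and stand in for the Rails models and Devise's `current_user`.

```ruby
# Added example (plain Ruby, no Rails): the two `index` actions from this page
# as functions of (current_user, params), so the scoping can be tested.
# All names and data below are constructed for illustration.
User = Struct.new(:id, :superadmin) do
  def superadmin_role?
    superadmin
  end

  # Stand-in for the has_many :orders association.
  def orders
    ORDERS.select { |o| o.user_id == id }
  end
end
Order = Struct.new(:id, :user_id)

# Constructed data: user 10 owns orders 1 and 2, user 20 owns order 3.
ORDERS = [Order.new(1, 10), Order.new(2, 10), Order.new(3, 20)].freeze

# Question's version: the presence of a request parameter decides the scope.
def index_from_question(current_user, params)
  params[:user_id] ? current_user.orders : ORDERS
end

# Answer's version: only the authenticated user's role decides the scope.
def index_from_answer(current_user, _params)
  current_user.superadmin_role? ? ORDERS : current_user.orders
end

# Request shapes the client controls: no user_id, own id, another user's id.
def param_variants(user)
  [{}, { user_id: user.id }, { user_id: 20 }]
end

# Returns the param hashes for which `action` hands `user` at least one
# order that belongs to somebody else.
def leaking_params(action, user)
  param_variants(user).select do |params|
    send(action, user, params).any? { |o| o.user_id != user.id }
  end
end

ALICE = User.new(10, false) # normal user
ROOT  = User.new(1, true)   # superadmin
```

The same three request shapes work as cases in a controller or request spec, so a later change that ties the scope back to a parameter fails the test suite.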