controller.rb
load_and_authorize_resource
# GET /orders or /orders.json
def index
  if params[:user_id]
    @orders = current_user.orders
  else
    @orders = Order.all
  end
end
ability.rb
if user.user_role?
  can :manage, Order, :user_id => user.id
end
Trying to get normal users to only see their own orders/posts and the admin role users can see all users' posts/orders.
What am I missing? I'm using cancancan and devise.
I figured it out:
def index
  if current_user.superadmin_role?
    @orders = Order.all
  else
    @orders = current_user.orders
  end
end
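
Added example, not part of the original post and not CanCanCan's own code: a plain-Ruby model of why the first index action returns every order to a normal user whenever user_id is absent from the request, next to an index whose scope comes only from the ability rules. User, Order, ORDERS, MiniAbility and the :user / :superadmin role symbols are constructed stand-ins for the Devise user, the ActiveRecord model and the ability.rb rules.

```ruby
# Plain-Ruby stand-ins (constructed): no Rails, Devise or CanCanCan required.
User  = Struct.new(:id, :role)
Order = Struct.new(:id, :user_id)
ORDERS = [Order.new(1, 1), Order.new(2, 1), Order.new(3, 2)].freeze

# Hypothetical miniature of ability.rb; it is not CanCanCan's implementation.
class MiniAbility
  def initialize(user)
    @rules = []
    can(:manage, Order) if user.role == :superadmin
    can(:manage, Order, user_id: user.id) if user.role == :user
  end

  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  # Records permitted by at least one rule; no matching rule means no records.
  def accessible(records, action, klass)
    records.select do |record|
      @rules.any? do |rule_action, rule_klass, conditions|
        [:manage, action].include?(rule_action) && rule_klass == klass &&
          conditions.all? { |attr, value| record[attr] == value }
      end
    end
  end
end

# Index from the question: the scope hinges on a client-supplied parameter.
def index_from_question(current_user, params)
  if params[:user_id]
    ORDERS.select { |order| order.user_id == current_user.id }
  else
    ORDERS.dup # any role lands here when user_id is absent
  end
end

# Rule-driven index: the scope depends only on the signed-in user's rules.
def index_scoped(current_user, _params)
  MiniAbility.new(current_user).accessible(ORDERS, :index, Order)
end

def ids(orders)
  orders.map(&:id)
end

normal = User.new(2, :user) # constructed user who owns only order 3
puts "question's index, no user_id: #{ids(index_from_question(normal, {}))}"
puts "rule-driven index:            #{ids(index_scoped(normal, {}))}"
```
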