Site is having model Post which just display a Post, nothing fancy If in Ability i add When no user is logged it they should be able to read all the post So in Ability.rb
def initialize(user)
can :manage, Post
end
This works but of course it should be
def initialize(user)
can :read, Post
end
Which doesn't work (403)
Based on what I've read :read should alias for index show actions I can't find a way to debug why it fails. All help appreciated
I suppose you are automatically authorizing all actions in a RESTful style resource controller with load_and_authorize_resource
method. If the index
action does not require user to login then you should skip this method specifically for index
. Try
load_and_authorize_resource :except => [:index]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.