I'm getting cancan with devise wired into my first Ruby on Rails app. I have some of it working, but I hit a problem my newbie brain cannot seem to understand.

I'm trying to delete a project model. The cancan ability.initialize call is not working because the user is passed as nil, even though I am logged in and other calls successfully authorize.

In my show view, I have this link:

<%= link_to "Purge this project", @project, method: :delete, data: {confirm: "There is no way to get it back. Are you sure you want to permanently remove this project?"} %>

I think my controller is wired up correctly; other actions are properly authorized.

class ProjectsController < ApplicationController
  load_and_authorize_resource
  ...
  def destroy
    puts "***********removing: " + params.inspect 
    @project.destroy
    ...
  end

My cancan initialize does this:

  def initialize(user)
    user ||= User.new # guest user
    puts "********  Evaluating cancan permissions for: " + user.inspect
    ...

When I click the delete link above, this gets puts'ed to the console (notice how user.id is nil; this happens because I set up the guest user if user is nil):

********  Evaluating cancan permissions for: #<User id: nil, email: ""...
Started DELETE "/projects/16" for 127.0.0.1 at 2013-04-04 10:48:23 -0400
Processing by ProjectsController#destroy as HTML
  Parameters: {"id"=>"16"}
WARNING: Can't verify CSRF token authenticity

PROBLEM: Why is the user nil??? Is it related to the CSRF token issue? Is there something special about http method=delete that I'm missing? How can I stop the dumb, it hurts?

The preceding "show" action yielded this expected puts (so I conclude things should be wired up sufficiently):

********  Evaluating cancan permissions for: #<User id: 2, email: "doug...

Thanks!

1 Answer

Self-answer warning! So, I guess delete actions need to happen within a form post in order for the identity and CSRF stuff to be handled correctly?!?

Replacing my link with a form made things work again:

<%= form_for @project, :method => :delete do %>
  <%= submit_tag "Purge this project", confirm: "Are you sure you want to permanently remove this project?" %>
<% end %>
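The "Can't verify CSRF token authenticity" warning in the question's log is the actual reason the user shows up as nil: for any non-GET request, Rails compares the token sent with the request against the one stored in the session, and when they do not match, the default handle_unverified_request in Rails 3.x resets the session, so Devise no longer has a logged-in user by the time the controller and CanCan's Ability run. A form_for carries the token as a hidden authenticity_token field; a link_to with method: :delete relies on jquery_ujs reading the token from csrf_meta_tags in the layout and sending it as an X-CSRF-Token header, which fails if either piece is missing. The following is an added, deliberately simplified model of that check, written for this page and not Rails' or Devise's own code; FakeApp, dispatch and demo are hypothetical names, and the session contents and request parameters are constructed to match the "id"=>"16" request in the question.

```ruby
require "securerandom"

# Simplified model (added example, not Rails' own code) of how
# protect_from_forgery treats a non-GET request: the token sent with the
# request must match the one stored in the session, otherwise the session is
# reset, which is why current_user is nil on the very request that failed.
class FakeApp
  attr_reader :session

  def initialize
    @session = {}
  end

  # What a logged-in Devise session effectively holds: the user's id.
  def log_in(user_id)
    @session[:user_id] = user_id
  end

  # The token that form_for (hidden field) and csrf_meta_tags (meta tag)
  # embed in the rendered page.
  def form_authenticity_token
    @session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  def current_user_id
    @session[:user_id]
  end

  # Safe methods are never checked (which is why the "show" action in the
  # question saw the user). Anything else must carry the correct token either
  # as the authenticity_token form field or the X-CSRF-Token header.
  def verified_request?(method, params: {}, headers: {})
    return true if %w[GET HEAD].include?(method.upcase)
    token = params["authenticity_token"] || headers["X-CSRF-Token"]
    !token.nil? && secure_compare(token, form_authenticity_token)
  end

  # Rails 3.x default behaviour for an unverifiable request: reset_session.
  def handle_unverified_request
    @session = {}
  end

  # Returns the user id the action (and CanCan's Ability) would see.
  def dispatch(method, params: {}, headers: {})
    handle_unverified_request unless verified_request?(method, params: params, headers: headers)
    current_user_id
  end

  private

  # Constant-time comparison so the token check does not leak timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed scenario: user 2 is logged in and has rendered the show page.
def demo
  app = FakeApp.new
  app.log_in(2)
  token = app.form_authenticity_token

  # Case 1: form_for with :method => :delete emits a hidden authenticity_token.
  form_field = app.dispatch("DELETE", params: { "id" => "16", "authenticity_token" => token })

  # Case 2: link_to ... method: :delete handled by jquery_ujs, which copies the
  # token from csrf_meta_tags into the X-CSRF-Token header.
  header = app.dispatch("DELETE", params: { "id" => "16" }, headers: { "X-CSRF-Token" => token })

  # Case 3: a DELETE that arrives with no token at all (for example when the
  # layout lacks csrf_meta_tags for the JS helper to read): the session is
  # reset, so the destroy action and Ability#initialize see no user.
  no_token = app.dispatch("DELETE", params: { "id" => "16" })

  { form_field: form_field, header: header, no_token: no_token }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running demo returns user id 2 for the form-field and header cases and nil for the token-less DELETE, reproducing the question's symptom: the request is not rejected outright, it simply proceeds with an empty session, and CanCan then builds its guest User.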