Problem description:

I am getting the following error while trying to delete a user in my Rails 4 App.

Pundit::NotAuthorizedError in UsersController#destroy
not allowed to destroy? this #<User:0x005595f691bd10>

Extracted source (around line #30):

  @user = User.find(params[:id])
  # debugger
  authorize current_user
  @user.destroy
  redirect_to users_path, :notice => "User deleted."
end

I am giving the User Controller below:

class UsersController < ApplicationController
  before_filter :authenticate_user!
  before_action :set_menu

  def index
    @users = User.all.page(params[:page]).per(8)
    authorize @users
  end

  def show
    @user = User.find(params[:id])
    authorize @user
  end

  def update
    @user = User.find(params[:id])
    #authorize @user
    if @user.update_attributes(secure_params)
      redirect_to users_path, :notice => "User updated."
    else
      redirect_to users_path, :alert => "Unable to update user."
    end
  end

  def destroy
    @user = User.find(params[:id])
    authorize @user
    @user.destroy
    redirect_to users_path, :notice => "User deleted."
  end

  private

  def secure_params
    params.require(:user).permit(:role)
  end

  def set_menu
    store_menu("User")
  end
end

Below is my User model code:

class User < ActiveRecord::Base
  enum role: [:admin,:user]
  after_initialize :set_default_role, :if => :new_record?

  def set_default_role
    self.role ||= :user
  end

  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  has_one :customer
  # has_one :customer, dependent: :destroy
end

Below is my User policy file:

class UserPolicy < ApplicationPolicy
  attr_reader :user, :model

  def initialize(user, model)
    @user = user
    @model = model
  end

  def index?
    @user.admin?
  end

  class Scope < Scope
    def resolve
      scope
    end
  end
end

How do I resolve the error on the delete or destroy action for a particular user?

Answer:

You should be adding a method for delete in the user_policy.rb like below

def destroy?
  current_user = @user
end

to get the destroy working.
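
An added example (not part of the original answer, and not Pundit's own code) comparing the `destroy?` body above with an explicit rule: as posted, `current_user = @user` is an assignment, so the method is truthy for every signed-in user. The `User` struct, the `authorize`/`allowed?` helpers, the deny-by-default `ApplicationPolicy` body and the admin-only, no-self-delete rule are assumptions made for this sketch.

```ruby
# Plain-Ruby stand-ins, constructed for this example, so it runs without Rails or Pundit.
User = Struct.new(:id, :role) do
  def admin?
    role == :admin
  end
end

class NotAuthorizedError < StandardError; end

# Assumed deny-by-default base policy (the page does not show ApplicationPolicy).
class ApplicationPolicy
  attr_reader :user, :model
  def initialize(user, model)
    @user = user
    @model = model
  end

  def destroy?
    false
  end
end

# The answer's body as posted: an assignment, so it returns @user (truthy when signed in).
class PermissiveUserPolicy < ApplicationPolicy
  def destroy?
    current_user = @user
  end
end

# Assumed rule: only an admin may delete, and never their own account.
class UserPolicy < ApplicationPolicy
  def destroy?
    !user.nil? && user.admin? && user.id != model.id
  end
end

# Hypothetical stand-in for Pundit's `authorize record` in a controller action.
def authorize(policy_class, current_user, record, query = :destroy?)
  allowed = policy_class.new(current_user, record).public_send(query)
  raise NotAuthorizedError, "not allowed to #{query} this #{record.inspect}" unless allowed
  record
end

def allowed?(policy_class, current_user, record)
  authorize(policy_class, current_user, record)
  true
rescue NotAuthorizedError
  false
end
```

With a base policy that denies by default, a missing `destroy?` in `UserPolicy` produces the `NotAuthorizedError` shown in the question, while the permissive body lets a non-admin delete another account.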
