Allow users to edit/destroy their own profiles only from the index?

This is a total blind shot, but maybe it works: % if can?(:update, @user) || @user==current_user %.

This is a total blind shot, but maybe it works: | Replace current_user with whatever holds the currently logged in user.

Thanks for the suggestion. This isn't working, unfortunately. Superadmin can still see all.

User can see none. This may be a stupid question, so please bear with me. How do I define (or do I need to define) the @user variable in the index controller.

@user = User. Find(params:id) results in "Couldn't find User without an ID" – Andy Harvey Apr 29 at 11:58.

In abilities. Rb can :manage, User do |u| u. Id == user.Id end if you want to go by ID.

Your view looks good to me.

Thanks for your suggestion. Actually I agree with you, I thought this would do the trick do. Unfortunately it doesn't.

I wondered if there was something conflicting from the Devise end, that I should be accounting for? Or perhaps I'm over complicating? – Andy Harvey Apr 29 at 12:01.

You are confused yourself and this way, you are making it even more difficult for you. At one point you are saying, I'd like the current user to be able to see and access a link to edit/delete their profile in the user index page. They should not be able to see or access these links for all other users.

On the other hand, My superadmin can see and edit links for all users in the index. My user can see links for no one, not even themselves I understand what you are trying to say. You want: SuperAdmin can see all links for anything, and A user can only see links for himself, and no one else, and that too, only the edit and update profile or even you could add the delete account links.

But the main concern is that a user can only see links on his/her profile and no where else. Some points to consider: Did you assign the abilities properly in the Ability class. Look for something like this in your code, and see if it works in the console.

Def current_ability @current_ability ||= Ability. New(current_user) end If yes, move on to this part: can :manage, User do |user| user == current_user #Assign the abilities for the user, here only, # no need to match the id for each view in the link. End If it still doesn't work, take some time off, go through these links again, I know it can be really confusing, but believe me you are quite close.

Wiki - Defining-Abilities Wiki - Changing-Defaults When you get there, would you like to share with me, your approach of how you did the whole thing. I would love to hear from you.

Thanks for your patience. I'm still scratching my head on this one. Here's the thing — superadmin can manage all, he can see and access all edit/ destroy for all user in the index.

But, if I say that all users can :manage, User, whatever their role, then these links are still not accessible by anyone. It's as though User is not the correct model to be setting permissions for. – Andy Harvey May 3 at 13:08 ps - if I then set all users can :manage, :all, these links are available to everyone!

– Andy Harvey May 3 at 13:10 @andy: Your doubt is still unclear to me. Can you update the question, and be more specific about what you want. – Jatin Ganhotra May 9 at 7:20.

Try this and see if it works (if you are still having this issue. ) I don't think your regular user should be outside the if statement.(change the variable as you see fit. ) def initialize(user) user ||= User.

New #guest user if user. Role? :super_admin can :manage, :all else can :update, User, :id => user.Id can :read, :all # you can try it with this line removed at first end end.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.