In the controller lodger
I put this function authorize
, passing user that is logging into the system, within the #destroy
method.
What I need is for only the user admin to perform the deletion operation.
def destroy
authorize current_user
@lodger.destroy
respond_to do |format|
format.html { redirect_to lodgers_url, notice: 'Lodger was successfully destroyed.' }
format.json { head :no_content }
end
end
Within the lodger_policy
file that was generated by pundit I put the def destroy
method for it to search for exactly at that location and to check if the user is admin or normal_user
def destroy?
current_user.admin?
end
As defined in the user model with the enum below
enum role: [:normal_user, :admin]
In the index of the view lodger I still check if the user who is logged in is really admin, as follows:
<% if current_user.admin? %>
<li><%=current_user.admin?%></li> ##isto é, aqui nessa linha ele retorna true se o usuário realmente for admin
<%= render 'admin_index' %>
<% else %>
<%= render 'normal_user_index' %>
<% end%>
But the problem is that even if it returns true at the beginning of the index, confirming that the user is really an admin, he does not authorize to use the delete function.