I am using ActiveAdmin with Cancan for authorization. In my ability model, I setup a user to only have read ability. This works as expected, except the user can still select devices(the model I am restricting) and then perform a batch_update to edit one or more of them. I can't block this in the view because that button is rendered by ActiveAdmin.
I tried something like this in the admin/devices controller..
if can? :manage
collection_action :batch_update do
blah blah
end
end
But then I get undefined method `can?' for #
Any suggestions?
You can display conditionally the block actions:
https://github.com/activeadmin/activeadmin/blob/master/docs/9-batch-actions.md#conditional-display