I'm using cancan and checking authorizing a user to go to the index page. However, an ability is triggering a cannot false positive. Here's what I have in my messages#index:
def index
authorize! :index, Message
@messages = current_company.messages.most_recent.paginate(:page => params[:page]).includes([:user, :customer])
end
and the ability causing the issue:
cannot :read, Message do |resource|
!company.active? && company.last_state_change_at && resource.created_at > company.last_state_change_at
end
however this makes no sense since I'm not asking cancan to verify a :read, instead an :index. when I comment out that ability block, everything works fine. What am i doing wrong?
:index is same as :read
See