
Rails authorization from scratch with operators


So I'm making authorization from scratch based on Ryan Bates' railscast.

I figured the problem I'm facing is in this part of the code

action == 'create' || action == 'update'

What I want to say is that if the action is create OR the action is update (so either of them) AND obj.has_accepted_acceptance? it should return false, but it returns true unless I eliminate the || action == 'update' part of the code. Only then it works as intended.

So is the problem with the operators? Thank you in advance for your time!

class Permission < Struct.new(:user)

  def allow?(controller, action, obj = nil)
    if controller == "acceptances"
      if action == 'create' || action == 'update' && obj.has_accepted_acceptance?
        return false
      end
    end
    return true 
  end
end

Solution

  • Try grouping your conditions:

    if (action == 'create' || action == 'update') && obj.has_accepted_acceptance?
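
The difference between the question's condition and the grouped one, shown as an added Ruby example that is not part of the original post. The Acceptance struct and the helper names are constructed for illustration; only has_accepted_acceptance? comes from the question.

```ruby
# Constructed stand-in for the model (assumption, not the poster's class).
Acceptance = Struct.new(:accepted) do
  def has_accepted_acceptance?
    accepted
  end
end

# The question's condition. Because && binds tighter than ||, Ruby reads it as
#   action == 'create' || (action == 'update' && obj.has_accepted_acceptance?)
# so every 'create' is denied regardless of the object's state.
def allow_ungrouped?(controller, action, obj)
  if controller == "acceptances"
    if action == 'create' || action == 'update' && obj.has_accepted_acceptance?
      return false
    end
  end
  true
end

# The answer's condition: parentheses make the acceptance check apply to both actions.
def allow_grouped?(controller, action, obj)
  if controller == "acceptances"
    if (action == 'create' || action == 'update') && obj.has_accepted_acceptance?
      return false
    end
  end
  true
end

# Decision table over constructed inputs:
# [action, accepted?, ungrouped result, grouped result]
def decision_table
  %w[create update show].product([true, false]).map do |action, accepted|
    obj = Acceptance.new(accepted)
    [action, accepted,
     allow_ungrouped?("acceptances", action, obj),
     allow_grouped?("acceptances", action, obj)]
  end
end

# The inputs on which the two versions give different authorization decisions.
def disagreements
  decision_table.reject { |_, _, ungrouped, grouped| ungrouped == grouped }
                .map { |action, accepted, _, _| [action, accepted] }
end

decision_table.each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```

The two versions differ on exactly one input: 'create' with an object that has no accepted acceptance, which the ungrouped condition denies and the grouped one allows.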