Find correct user on users#show

2016-02-04 21:03:03 +01:00 · 2016-02-04 21:03:03 +01:00 · 71fc48cd71
commit 71fc48cd71
parent d723c46c2a
2 changed files with 4 additions and 2 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -42,6 +42,6 @@ class UsersController < ApplicationController
    end

    def init
-      @user = User.find_by_id(params[:id]) || current_user
+      @user ||= current_user
    end
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -25,7 +25,9 @@ class Ability
  def initialize_user(user)
    can :read, :all
    can :manage, User, id: user.id
-    can :create, Order, user: user
+    can :create, Order do |order|
+      order.user == user
+    end
    can :destroy, Order do |order|
      order.try(:user) == user && order.deletable
    end