I defined an ability for admin users to avoid displaying superadmin info:
(the superadmin record doesn't belong to any area ... so area_id => nil)
user ||= Admin.new
if user.is? :admin
  # hide the superadmin record (area_id is nil) from admin users
  cannot :index, Admin, :area_id => nil
end
It seems I have to define the :index action like this (as described in the wiki pages, Admin.accessible_by(ability).paginate ..):
ability = BackofficeAbility.new(current_admin)
@order = ["created_at desc", "name asc"]
@page_number = params[:page].nil? ? 1 : params[:page].to_i
@admins = Admin.accessible_by(ability).paginate(:page => @page_number, :per_page => Admin.per_page)
@total_pages = @admins.count / Admin.per_page + (@admins.count % Admin.per_page > 0 ? 1 : 0 )
It's running fine .... I tested without the ability check in the :index action and it's not fine, the superadmin record is displayed ..
I thought the ability would have been already checked by the load_and_authorize_resource, isn't it???
Thanks for clarifying it ...
@erwin, Are you still having an issue? I'm not entirely sure of the problem you're describing. If you are still having this problem and can provide some more context, then that would be helpful.
Thanks Derek, I'm not anymore ... I got a better understanding of CanCan so I can control it better .... nice to test it easily...