So I'm making authorization from scratch based on Ryan Bates' railscast.
I figured the problem i'm facing is in this part of code
action == 'create' || action == 'update'
What I want to say is that if the action is
create OR action is
update (so either of them) AND
obj.has_accepted_acceptance? it should return false, but it returns true unless I eliminate
|| action == 'update' part of code. only then it works as intended.
So is the problem with the operators? Thank you in advance for your time!
class Permission < Struct.new(:user) def allow?(controller, action, obj = nil) if controller == "acceptances" if action == 'create' || action == 'update' && obj.has_accepted_acceptance? return false end end return true end end