Not able to delete User

Question

I am stuck in very weird situation. I am using Devise and cancan not sure if these two playing role in my frustation. So I have a User model with parent child relationship.

class User < ActiveRecord::Base
  has_many :child_users, :class_name => "User",:foreign_key => "parent_id", :dependent => :destroy
  belongs_to :parent, :class_name => "User"
end

When I delete child I am able to do it successfully but when I delete parent user I get redirect to root page saying "You are not authorized to access this page." Here is the code when I delete child user

<h1>Users</h1>
<table class="table table-striped">
  <thead>
  <tr>
    <th>Email</th>
  </tr>
  </thead>
  <tbody>
  <% @users.each do |user| %>
      <tr>
        <td><%= user.email %></td>
        <td>
          <%= link_to 'Show', user_path(user), :class => 'btn btn-mini' %>
          <%= link_to 'Edit', edit_user_path(user), :class => 'btn btn-mini' %>
          <%= link_to 'Destroy', user_path(user), :method => :delete, :confirm => 'Are you sure?', :class => 'btn btn-mini btn-danger' %>
          <%= link_to "Categories", {:controller => "levels", :id => user.id },:class => 'btn btn-mini'%>
        </td>
      </tr>
  <% end %>
  </tbody>
</table>

<%= link_to "Add Sub Child", {:controller => "users", :action => "sub_child", :parent_id => current_user.id },:class => 'btn'%>

Code below is for when I delete parent user

<h1>User</h1>
<p></p>
<table width="40%">
  <tr>
    <td><b>Email</b></td>
    <td><%= @user.email %></td>
  </tr>
</table>

<div class="form-actions">
  <%= link_to 'Edit', edit_user_path(@user), :class => 'btn' %>
  <%= link_to 'Delete', user_path, :method => :delete, :confirm => 'Are you sure?', :class => 'btn btn-danger' %>
</div>

User controller

class UsersController < ApplicationController
  before_filter :authenticate_user!
  load_and_authorize_resource

  respond_to :html, :json, :xml

  def show
    @user = User.find(params[:id])
    respond_with @user
  end

  def new
    @user = User.new
    RAILS_DEFAULT_LOGGER.error '***** JLD Message *****'

  end

  def index
    respond_with(@users = current_user.child_users)
  end

  def edit
    @user = User.find(params[:id])
  end

  def create
   @user = User.new(params[:user])

    if @user.save
      flash[:notice] = "#{ @user.email } created."
      redirect_to users_path
    else
      render :action => 'new'
    end
  end

  def destroy
    @user = User.find(params[:id])
    @user.destroy

    respond_to do |format|
      format.html { redirect_to users_url }
      format.json { head :no_content }
    end
  end

  def update
    @user = User.find(params[:id])

    respond_to do |format|
      if @user.update_attributes(params[:user])
        format.html { redirect_to @user, notice: 'User was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end
end

class ApplicationController < ActionController::Base
  protect_from_forgery

  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_url, :alert => exception.message
  end
end

class Ability
  include CanCan::Ability

  def initialize(user)


    user ||= User.new # guest user (not logged in)
    # if user.admin?
    #  can :manage, :all
    #else

    can [:read, :update], User, :id => user.id
    can :manage, User, :parent_id => user.id

    #end

  end
end

Any advice is really appreciated. Thanks

Answer 1

I figured it out. In ability model before it was saying

can [:read, :update], User, :id => user.id 

Now with this change

can :manage, User, :id => user.id 

I am able to delete parent user. Thanks juanpastas when you ask for ability model that gave me direction.

Answer 2

You forgot @user in delete link

<%= link_to 'Delete', user_path(@user), :method => :delete, :confirm => 'Are you sure?', :class => 'btn btn-danger' %>