I'm using cancancan, and it works fine in the development env, but once I got it on production the site works as if there's no gem installed at all: no authorization is handled.
I can't figure out what is wrong.
--------------------
Edited: in the application controller there's

    before_filter :authenticate_user!, if: :devise_controller?
    rescue_from CanCan::AccessDenied do |exception|
      # Make sure we don't redirect to an HTML page
      # in API requests because this is absolutely a bad idea
      unless request.accept == 'application/json'
        flash[:error] = "Access denied."
        redirect_to root_url
      end
    end

and in the ability file

    def initialize(user)
      # Define abilities for the passed in user here. For example:
      #
      user ||= User.new # guest user (not logged in)
      if user.admin?
        can :manage, :all
      else
        can :index, Book
        can :index, Category
      end
    end