In the scenario where the current user has the ability to only edit/update certain attributes on a user model. If the current user has the "admin" role and @user has a role other than the "applicant" role, then using the can? doesn't seem to return the correct result. I can workaround the issue by changing can?(:update, @user) with @current_ability.permitted_attributes(:update, @user).any? in the user edit view template.
Steps to reproduce
In the scenario where the current user has the ability to only edit/update certain attributes on a user model. If the current user has the "admin" role and @user has a role other than the "applicant" role, then using the can? doesn't seem to return the correct result. I can workaround the issue by changing
can?(:update, @user)
with@current_ability.permitted_attributes(:update, @user).any?
in the user edit view template.Please copy the following Gist and edit it to reproduce your issue: https://gist.github.com/michaelcohenunsw/c2dfb85ba36416aa7884672d8f588eab
Expected behavior
Actual behavior
System configuration
Rails version: 6.0.6.1
Ruby version: 2.7.6
CanCanCan version: 3.4.0