app/policies/itsf/backend/engine_policy.rb in itsf_backend-1.1.9 vs app/policies/itsf/backend/engine_policy.rb in itsf_backend-1.1.10
- old
+ new
@@ -1,9 +1,10 @@
module Itsf::Backend
class EnginePolicy < Struct.new(:user, :engine)
def access?
permission_identifier = self.class.name.gsub('Policy', '').underscore
- allowed = user.respond_to?(:allowed_to?) ? user.allowed_to?(permission_identifier) : true
+ allowed = user.respond_to?(:allowed_to?) ? user.allowed_to?(permission_identifier) : false
+
if allowed
Rails.logger.debug "User #{user} is allowed to access #{permission_identifier}"
else
Rails.logger.debug "User #{user} is not allowed to access #{permission_identifier}"
end