We get an error with declarative authentication on CREATE and UPDATE's. We are not sure why, as somehow in the error it shows no user being authenticated and somehow the session is getting lost:
`Authorization::NotAuthorized in CartypesController#update
No matching rules found for update for # (roles [:guest], privileges [:update], context :cartypes). `
The role "backoffice" has the rights in the authentication_controller.rb:has_permission_on :cartypes, :to => [:index, :show, :new, :create, :edit, :update, :destroy, :delete]
In stackoverflow there is a similar issue: Link to Stackoverflow Question
We are new to Rails and have tried out this first time, other show and list work fine.. (GET operations)
Any help appreciated... thx.
EDIT: We were able to solve this, as we found out the documentation on "declarative authorization" was not so clear when discussing model security! If you read very carefully, when using model security it is needed to set: ## Heading ##Authorization.current_user to the request’s user (in application_controller.rb). For rails-n00bs it might not be so clear...