I am trying to block all default methods except create and update in my users controller using declarative_authorization. But at the time I add filter_resource_access or filter_access_to into my UsersController, I always get "Couldn't find User without an ID". Anyone care to explain why this could be happening?

    class UsersController < ApplicationController
      # ... (the start of the controller, up to the failure branch of create, is missing here)
          render :action => :new
        end
      end

      def show
        @user = @current_user
      end

      def edit
        @user = @current_user
      end

      def update
        @user = @current_user # makes our views "cleaner" and more consistent
        if @user.update_attributes(params[:user])
          flash[:notice] = "Account updated!"
          redirect_to account_url
        else
          render :action => :edit
        end
      end
    end

A: 

You should set the @user variable before the filter_access_to call with a before_filter as declarative_authorization tries to access @user when you call filter_access_to.

    before_filter :set_user
    filter_access_to :all

    ...

    protected

    def set_user
      @user = @current_user
    end

Maybe you are setting the attribute_check parameter to true in your filter_access_to call? I have a similar controller and I don't really need the before_filter.

Another thing that might be causing it is a using_access_control call in your User model.

Tomas Markauskas
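
Why the filter order in the answer matters, as an added example (not code from the post or from declarative_authorization): a plain-Ruby model of a filter chain in which `FakeController`, `check_access` and `account_request` are hypothetical names. It assumes the attribute check reuses `@user` when an earlier filter set it and otherwise loads the record from `params[:id]`, and that the account route carries no `:id`.

```ruby
# Simplified model (constructed for illustration) of a before_filter chain and
# of an attribute-checking authorization filter. Not the gem's real code.
class RecordNotFound < StandardError; end

User = Struct.new(:id, :login) do
  # Mimics ActiveRecord's find: a nil id raises instead of returning nil.
  def self.find(id)
    raise RecordNotFound, "Couldn't find User without an ID" if id.nil?
    new(id, "user#{id}")
  end
end

class FakeController
  attr_reader :params

  def initialize(params, current_user)
    @params = params
    @current_user = current_user
  end

  # Filters run strictly in the order given, like before_filter declarations.
  def run(filters)
    filters.each { |f| send(f) }
    :ok
  rescue RecordNotFound => e
    e.message
  end

  private

  def set_user
    @user = @current_user
  end

  # Assumed behaviour: reuse @user if a previous filter set it,
  # otherwise load the record from params[:id].
  def check_access
    @user ||= User.find(params[:id])
  end
end

def account_request(filters)
  # Constructed request: a singular account route, so params has no :id.
  FakeController.new({}, User.new(7, "alice")).run(filters)
end
```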