I am using Devise and CanCan to manage users and user-rights.
What I want is: Ordinary users shall be able to update their own Posts.
The most important Model is called Activity.

In the ability-model I have for ordinary members:

elsif user.role? :Member
   can :read, :all
   can :create, :all
   can :manage, Activity, :user_id=>user.id

(Thanks to Yuriy Goldshtrakh for the syntax of the third line)

In the index-view of the Activities, I have:

<% if can? :update, activity  %>
<br />
<%= link_to 'Update', edit_activity_path(activity) %>
<% end %>

<% if can? :delete, activity  %>
<%= link_to 'Delete', activity, :confirm => 'Really?', :method => :delete %>

<% end %>

This works: It only shows the update and the delete-link, if the Activity was created by the current member.

However, if the member updates the activity, the changes are not saved and the member is not sent back to the activity – as he/she should be after a successful update.

Here is the update-action in the Activities-controller:

  # PUT /activities/1.xml

def update

authorize! :update, @activity

@activity = Activity.find(params[:id])

respond_to do |format|
  if @activity.update_attributes(params[:activity])
    format.html { redirect_to(@activity, :notice => 'Activity was successfully updated.') }
    format.xml  { head :ok }
  else
    format.html { render :action => "edit" }
    format.xml  { render :xml => @activity.errors, :status => :unprocessable_entity }
  end
end

end

The question is: Why ist the activity not updated correctly?
I am grateful for all ideas!