I installed Devise and CanCan. My user has the role super_admin with the options shown below:

    def initialize(user)
      user ||= User.new # guest user
      can :manage, :all
    end

All works well except deleting elements. When I’m trying to delete an object:

    <%= link_to 'Destroy', place, :method => :delete, :data => { :confirm => 'Are you sure?' } %>

it keeps logging me out and redirecting to the sign_in page.

My class looks like this:

    class PlacesController < ApplicationController
      before_filter :authenticate_user!
      load_and_authorize_resource
    end

OK, I figured it out. My layout file did not have the authenticity_token tag, so POST and DELETE requests couldn’t be authenticated.
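
A check for the misconfiguration described above, as an added example that is not part of the original post: it lists layouts that never call Rails' `csrf_meta_tags` helper, which is what puts the authenticity token into the page for `:method => :delete` links. The function names and the sample layout tree are constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# csrf_meta_tags is the Rails view helper; csrf_meta_tag is its older alias.
CSRF_HELPER  = /\bcsrf_meta_tags?\b/
ERB_COMMENT  = /<%#.*?%>/m
HTML_COMMENT = /<!--.*?-->/m

# True when the template calls the helper outside ERB and HTML comments.
def emits_csrf_meta?(source)
  source.gsub(ERB_COMMENT, "").gsub(HTML_COMMENT, "").match?(CSRF_HELPER)
end

# Layout files under app_root that never emit the CSRF meta tags.
# Partials and mailer layouts are skipped (naming heuristic, an assumption).
def layouts_missing_csrf(app_root)
  layouts = File.join(app_root, "app", "views", "layouts")
  Dir.glob(File.join(layouts, "**", "*.html.erb")).sort.select { |path|
    name = File.basename(path)
    next false if name.start_with?("_") || name.include?("mailer")
    !emits_csrf_meta?(File.read(path))
  }.map { |path| path.sub(layouts + "/", "") }
end

# Constructed sample tree, not taken from the post.
SAMPLE_LAYOUTS = {
  "application.html.erb" => "<html><head><title>App</title></head><body><%= yield %></body></html>",
  "admin.html.erb"       => "<html><head><%= csrf_meta_tags %></head><body><%= yield %></body></html>",
  "legacy.html.erb"      => "<html><head><%# csrf_meta_tags %></head><body><%= yield %></body></html>",
  "mailer.html.erb"      => "<html><body><%= yield %></body></html>",
  "_nav.html.erb"        => "<nav>menu</nav>"
}.freeze

def build_sample_app(root)
  dir = File.join(root, "app", "views", "layouts")
  FileUtils.mkdir_p(dir)
  SAMPLE_LAYOUTS.each { |name, body| File.write(File.join(dir, name), body) }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    build_sample_app(root)
    puts layouts_missing_csrf(root) # layouts to fix by adding the helper in <head>
  end
end
```

A layout that pulls its `<head>` from a partial containing the helper will still be reported and needs a manual look.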