Ensure views only link to those actions allowed for current user

app/views/consumers/index.html.slim

@@ -9,10 +9,10 @@ h1 = Consumer.model_name.human(count: 2)
     tbody
       - @consumers.each do |consumer|
         tr
-          td = link_to(consumer.name, consumer)
-          td = link_to(t('shared.show'), consumer)
-          td = link_to(t('shared.edit'), edit_consumer_path(consumer))
-          td = link_to(t('shared.destroy'), consumer, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
+          td = link_to_if(policy(consumer).show?, consumer.name, consumer)
+          td = link_to(t('shared.show'), consumer) if policy(consumer).show?
+          td = link_to(t('shared.edit'), edit_consumer_path(consumer)) if policy(consumer).edit?
+          td = link_to(t('shared.destroy'), consumer, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(consumer).destroy?
 
 = render('shared/pagination', collection: @consumers)
 p = render('shared/new_button', model: Consumer)

app/views/consumers/show.html.slim

@@ -1,6 +1,6 @@
 h1
   = @consumer
-  = render('shared/edit_button', object: @consumer) if policy(@consumer).edit?
+  = render('shared/edit_button', object: @consumer)
 
 = row(label: 'consumer.name', value: @consumer.name)
 - %w[oauth_key oauth_secret].each do |attribute|