I'm trying to implement Pundit in Redmine, but it's not working. It's giving unauthorized access to the admin and current user. I want the current user to access their data, and if the user is an admin, then they can.
    class UserPolicy < ApplicationPolicy
      def show?
        # Users can access their own profile
        # user.present? && (user.admin? || user == record)
        true
      end

      def index?
        # Users can access their own profile
        # user.present? && (user.admin? || user == record)
        true
      end
    end
And in the user controller:

    before_action :authorize_actions, :only => [:index, :show, :edit, :update]

    def authorize_actions
      authorize User
    end
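
As an added example (not part of the original post): how the rule in the commented-out line evaluates depending on whether `authorize` receives the `User` class, as in the controller above, or a loaded user record. The `authorize` method here is a minimal stand-in that mirrors Pundit's policy call rather than the gem itself, and `User` is a constructed Struct, not Redmine's model; `allowed?` is a hypothetical helper.

```ruby
# Minimal stand-in for Pundit's authorize call (assumption: no gem, no Rails).
# `!user.nil?` replaces Rails' `user.present?`; User is a constructed Struct.
User = Struct.new(:id, :admin) do
  def admin?
    admin
  end
end

class NotAuthorizedError < StandardError; end

class UserPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user      # the acting user
    @record = record  # whatever was passed to authorize
  end

  # The rule from the commented-out line in the post.
  def show?
    !user.nil? && (user.admin? || user == record)
  end
end

# Mirrors Pundit: build the policy with (user, record), call the query, raise on false.
def authorize(current_user, record, query)
  policy = UserPolicy.new(current_user, record)
  raise NotAuthorizedError, "not allowed to #{query}" unless policy.public_send(query)
  record
end

def allowed?(current_user, record, query = :show?)
  authorize(current_user, record, query)
  true
rescue NotAuthorizedError
  false
end

admin = User.new(1, true)   # constructed sample users
alice = User.new(2, false)
bob   = User.new(3, false)

# Passing the class: record is User itself, so `user == record` is never true.
puts allowed?(alice, User)   # false: own profile denied
puts allowed?(admin, User)   # true: only the admin branch can pass
# Passing the loaded record: the ownership comparison works.
puts allowed?(alice, alice)  # true
puts allowed?(alice, bob)    # false
puts allowed?(nil, alice)    # false
```

In a controller this corresponds to loading the record first and calling `authorize @user` for `show`, `edit` and `update`; `index` has no single record to compare against, so the ownership rule cannot apply there.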