Working with the Pundit gem. Is it possible to apply the same rule to nested resources? If show is not allowed in lecture_policy, then show in lesson_policy should not be allowed either.

```ruby
class Lecture < ActiveRecord::Base
  has_many :enrollments
  has_many :users, through: :enrollments
  has_many :lessons
end

class Lesson < ActiveRecord::Base
  belongs_to :lecture
end

class User < ActiveRecord::Base
  has_many :lectures, through: :enrollments
  has_many :enrollments
end

class Enrollment < ActiveRecord::Base
  belongs_to :user
  belongs_to :lecture
end
```

```ruby
class LecturePolicy < ApplicationPolicy
  def index?
    true
  end

  def create?
    false
  end

  def update?
    false
  end

  def edit?
    false
  end

  class Scope < Scope
    # Only lectures the current user is enrolled in
    def resolve
      scope.where(:id => user.enrollments.select(:lecture_id))
    end
  end
end
```
Thanks so much for your comments!
The answer is simple enough that you might kick yourself. :)
You can simply call the policy inside the other one. Here's an example I found on Stack Overflow:
```ruby
def edit?
  # I am assuming that a user can edit themselves, so the "or" is in there, if not, go back to using and
  document.user_id == user.id or UserPolicy.new(user, User.find(document.user_id)).edit?
end
```
I kicked myself! haha
Actually I have found the answer, I must have been really tired....
What I did is just add this to lessons_controller.rb, and it seems to do the trick actually. Will run some tests.

```ruby
def show
  @lecture = Lecture.find(params[:lecture_id])
  @lesson = @lecture.lessons.find(params[:id])
  authorize @lecture # the added line
end
```