Ask A Question
Notifications
You’re not receiving notifications from this thread.
Pundit Policy and has_many through Pt. II
Hey there,
I decided to start another post although I read this one already https://gorails.com/forum/pundit-scope-and-has_many-through but I need to confirm that my query is on point.
Here's my three models:
class Project < ActiveRecord::Base
has_many :collaborations
has_many :users, through: :collaborations
end
class Collaboration < ActiveRecord::Base
belongs_to :project
belongs_to :user
end
class User < ActiveRecord::Base
has_many :collaborations
has_many :projects, through: :collaborations
end
What I need is to allow project.user (in this case the project creator) OR project.collaborators to see their list of projects. What I'm looking is for a way to improve this query: scope.joins(:users).where('collaborations.user_id = ? OR projects.user_id = ?', user, user)
class Scope < Scope
def resolve
return scope.all if user.has_role?(:admin) && user.present?
scope.joins(:users).where('collaborations.user_id = ? OR projects.user_id = ?', user, user)
end
end
def add_member_to_project
@project = Project.friendly.find(params[:project_id])
if @project.update_attributes(project_params)
user_ids = params[:project][:user_ids]
user_ids.map do |user_id|
@project.collaborations.build(user_id: user_id)
end
flash[:notice] = "Member added."
redirect_to @project
else
flash[:danger] = "Member couldn't be added"
render 'show'
end
end
<%= form_for @project, :url => add_member_to_project_path do |f| %>
<%= f.collection_check_boxes(:user_ids, @members, :id, :name) %>
<%= f.submit "Save changes", class: "btn btn-primary" %>
<% end %>
Thank you!