Ask A Question

Notifications

You’re not receiving notifications from this thread.

Pundit scopes

Dmitrii Amelchenko asked in General

Hi, i have no idea how to choose best way. There are three models User, Department and Task. Each user assigned to one department (belongs to). Department has many tasks. How to write a policy or something to do without using Pundit, when user can see only tasks from assigned department?

Reply

Dmitry,

Without Pundit, you can scope your queries in the controller with @tasks = current_user.department.tasks so that it always accesses them through the User.

With Pundit, you can setup a scope to reference the Department on the user:

class TaskPolicy < ApplicationPolicy
  class Scope < TaskPolicy
    attr_reader :user, :scope

    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      @scope.where(department_id: @user.department_id)
    end
  end
end

And use this by saying @tasks = policy_scope(Task)

Reply

Chris thanks!

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 85,831+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.