Pundit scopes

Dmitrii Amelchenko March 13, 2016 12:02pm

Hi, i have no idea how to choose best way. There are three models User, Department and Task. Each user assigned to one department (belongs to). Department has many tasks. How to write a policy or something to do without using Pundit, when user can see only tasks from assigned department?

Chris Oliver March 14, 2016 2:40am

Dmitry,

Without Pundit, you can scope your queries in the controller with @tasks = current_user.department.tasks so that it always accesses them through the User.

With Pundit, you can setup a scope to reference the Department on the user:

class TaskPolicy < ApplicationPolicy
  class Scope < TaskPolicy
    attr_reader :user, :scope

    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      @scope.where(department_id: @user.department_id)
    end
  end
end

And use this by saying @tasks = policy_scope(Task)

Dmitrii Amelchenko March 14, 2016 7:09am

Chris thanks!

Join the discussion

Create an account Log in

Rails for Beginners

Advanced Ruby: Behind the Magic

Payments with Rails Master Class

Refactoring Rails

Learn Hotwire

Install and Deploy Rails Guides

Hatchbox.io

Jumpstart Rails SaaS Template

Remote Ruby Podcast

GoRails Open Source

Rails Hackathon

Beginner Bounties

Ruby on Rails Job Board

Notifications

Pundit scopes

Want to stay up-to-date with Ruby on Rails?