Wouter van den Beld

Joined

1,010 Experience
4 Lessons Completed
0 Questions Solved

Activity

Posted in Pundit Scope and has_many through

Hi!

I can use a little help to get on the right track.

I have 3 models

class User < ActiveRecord::Base
  has_many :associations
  has_many :items, through: :associations
end

class Item < ActiveRecord::Base
   has_many :associations
   has_many :users, through: :associations
end

class Association < ActiveRecord::Base
    belongs_to :user
    belongs_to :item
end

Now i want to allow my users only to view and edit the item if they have a link trough associations.
so in my ItemPolicy i have the following scope

 class Scope < Scope
    def resolve
     if user.admin?
        scope.all
      else
        scope.where(:company_id => user.associations.select(:item_id))
      end
    end
  end

I setup my items_controller

def index
  @items = policy_scope(Item.includes(:company).all)
  authorize @items
end

and this works. i only see the items where i have a association. Now i want to prevent users to edit the urllike myapp.com/item/2 and still be able to view item 2 if there is no association.

So i setup my show in the controller:

def show
    @item = policy_scope(Item.find(params[:id]))
    authorize @item
end

but now i get undefined method `where' error. why does the same thing work for index and not for show?
any ideas?

also i would like your opinion if this is the right way to go.

logo Created with Sketch.

Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

© 2020 GoRails, LLC. All rights reserved.