Posted in Pundit Scope and has_many through
I can use a little help to get on the right track.
I have 3 models
class User < ActiveRecord::Base has_many :associations has_many :items, through: :associations end class Item < ActiveRecord::Base has_many :associations has_many :users, through: :associations end class Association < ActiveRecord::Base belongs_to :user belongs_to :item end
Now i want to allow my users only to view and edit the item if they have a link trough associations.
so in my ItemPolicy i have the following scope
class Scope < Scope def resolve if user.admin? scope.all else scope.where(:company_id => user.associations.select(:item_id)) end end end
I setup my items_controller
def index @items = policy_scope(Item.includes(:company).all) authorize @items end
and this works. i only see the items where i have a association. Now i want to prevent users to edit the urllike myapp.com/item/2 and still be able to view item 2 if there is no association.
So i setup my show in the controller:
def show @item = policy_scope(Item.find(params[:id])) authorize @item end
but now i get undefined method `where' error. why does the same thing work for index and not for show?
also i would like your opinion if this is the right way to go.