2

My Ability file has

if user.has_role? :admin
  can :manage, :all
else
  can :manage, Company, :id => Company.with_role(:operator, user).pluck(:id)
  ...
end

And my Company Controller index has

def index
  @companies = Company.with_role(:operator, current_user)
end

But when I sign in as a User who operates a company, I cannot access that page. (Even though the Company.with_role(:operator, user) returns a relation in the console!)

Companies have Codes. I am not sure how to write this in cancan:

Company.with_role(:operator, user).map{|o| o.codes}

But the wiki says if I use a block then authorize_resource will not set the instance variable @codes, because it doesn't know which objects belong to the user. So I cannot use:

can :manage, Code do |code|
  user.has_role? :operator, code.company
end

I am looking for a solution that will let my CodesController do:

def index
  if params[:company_id]
    @keywords = Code.where(:company_id => params[:company_id])
  end
end

And otherwise show the user all their Codes across all of the Companies they have the operator role for.

4

2 Answers

0
def index
  if params[:company_id]
    @codes = Company.with_role(:operator, current_user).where(:id => params[:company_id]).map{|o| o.keywords}.flatten
  else
    @codes = Company.with_role(:operator, current_user).map{|operator| operator.keywords}.flatten
  end
end
Answered 2014-02-11T19:43:07.317
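
Added example, not part of the original question or answer: a plain-Ruby stand-in (no Rails, CanCan or rolify) that contrasts an index filtered only by `params[:company_id]` with one that starts from the companies the user operates, using hash-style conditions so the same rule can check one record or filter a collection. `MiniAbility`, `OPERATOR_OF`, the helper methods and all sample data are constructed for illustration.

```ruby
# Plain-Ruby stand-in; every name and record here is constructed sample data.
Company = Struct.new(:id, :name)
Code    = Struct.new(:id, :company_id, :value)

COMPANIES = [Company.new(1, "Acme"), Company.new(2, "Globex"), Company.new(3, "Initech")]
CODES     = [Code.new(10, 1, "A-1"), Code.new(11, 1, "A-2"),
             Code.new(20, 2, "G-1"), Code.new(30, 3, "I-1")]
# Stand-in for resource-scoped roles: user => ids of the companies they operate.
OPERATOR_OF = { "alice" => [1, 2], "bob" => [3] }

# Minimal ability that stores hash conditions only, so one rule can both
# check a single record and filter a whole collection.
class MiniAbility
  def initialize(user)
    ids = OPERATOR_OF.fetch(user, []) # unknown users operate nothing
    @rules = { Company => { id: ids }, Code => { company_id: ids } }
  end

  def can?(record)
    conditions = @rules[record.class]
    return false unless conditions
    conditions.all? { |attr, allowed| allowed.include?(record[attr]) }
  end

  def accessible(records)
    records.select { |r| can?(r) }
  end
end

# Index that filters on the request parameter alone: no role check is applied.
def codes_unscoped(company_id)
  CODES.select { |c| c.company_id == company_id.to_i }
end

# Index that starts from what the user may see, then narrows by the parameter.
def codes_scoped(user, company_id = nil)
  permitted = MiniAbility.new(user).accessible(CODES)
  return permitted if company_id.nil?
  permitted.select { |c| c.company_id == company_id.to_i }
end

if __FILE__ == $PROGRAM_NAME
  p codes_unscoped("3").map(&:value)        # returned regardless of who asks
  p codes_scoped("alice", "3").map(&:value) # alice does not operate company 3
  p codes_scoped("alice").map(&:value)      # all codes across her companies
end
```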