Wouter van den Beld

Joined

2,610 Experience
20 Lessons Completed
0 Questions Solved

Activity

Posted in Pundit Scope and has_many through

Hi!

I can use a little help to get on the right track.

I have 3 models

class User < ActiveRecord::Base
  has_many :associations
  has_many :items, through: :associations
end

class Item < ActiveRecord::Base
   has_many :associations
   has_many :users, through: :associations
end

class Association < ActiveRecord::Base
    belongs_to :user
    belongs_to :item
end

Now i want to allow my users only to view and edit the item if they have a link trough associations.
so in my ItemPolicy i have the following scope

 class Scope < Scope
    def resolve
     if user.admin?
        scope.all
      else
        scope.where(:company_id => user.associations.select(:item_id))
      end
    end
  end

I setup my items_controller

def index
  @items = policy_scope(Item.includes(:company).all)
  authorize @items
end

and this works. i only see the items where i have a association. Now i want to prevent users to edit the urllike myapp.com/item/2 and still be able to view item 2 if there is no association.

So i setup my show in the controller:

def show
    @item = policy_scope(Item.find(params[:id]))
    authorize @item
end

but now i get undefined method `where' error. why does the same thing work for index and not for show?
any ideas?

also i would like your opinion if this is the right way to go.