Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Grant access to nested resources over can can #1012

Open
sebastianzillessen opened this Issue · 0 comments

1 participant

@sebastianzillessen

Hi there,

I have a platform where we have Users (devise). Then we have Courses an admin can add a user to a course to be a moderator, each Course has many Videos.

How can I manage it, to get the following approach working:

resources :courses do
    resources :videos, except: [:index]
end

A moderator of a course should be able to add videos (nested routes, so we have courses/2/videos/new as a route). But no other user should be able to add a video to a course where he is not moderator.

The abilities are managed over an database model (Permission) like suggested in the wiki.

What I have so far is:

# Allow all users who can read a course to read the videos of this course as well.
can :read, Video do |video|
  can? :read, video.course
end

# allow a moderator of a course to manage videos in this course
# THIS IS NOT WORKING SO FAR
can :manage, Video do |video|
  can? :moderate, video.course
end

The last ability is not working because if my controller starts the action, the course is somehow not set for that video

 # GET /videos/new
 def new
  # @course is set by the nested routing
  @video = Video.new(course: @course)
 end

Any ideas?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.