I have a platform where we have Users (devise). Then we have Courses an admin can add a user to a course to be a moderator, each Course has many Videos.
How can I manage it, to get the following approach working:
resources :courses do
resources :videos, except: [:index]
A moderator of a course should be able to add videos (nested routes, so we have courses/2/videos/new as a route). But no other user should be able to add a video to a course where he is not moderator.
The abilities are managed over an database model (Permission) like suggested in the wiki.
What I have so far is:
# Allow all users who can read a course to read the videos of this course as well.
can :read, Video do |video|
can? :read, video.course
# allow a moderator of a course to manage videos in this course
# THIS IS NOT WORKING SO FAR
can :manage, Video do |video|
can? :moderate, video.course
The last ability is not working because if my controller starts the action, the course is somehow not set for that video
# GET /videos/new
# @course is set by the nested routing
@video = Video.new(course: @course)