Heyhey,

got a smaller design question. I'm having this structure:

```ruby
Project.has_many :courses
Course.belongs_to :project
```

as well as a User can organize some (not all) Projects. When a user can organize a Project, he's able to create (but not destroy) Courses. So, how would I describe the permission check for creating a Course for a specific Project?

Ideas that come to my mind:

and check via `policy(@project).create_course?` in the view.

and check via `policy(Course.new(project: @project)).create?`. As a side note, I can't use `@project.courses.build` here because I iterate over `@project.courses` and don't want unsaved records. That's why I use `Course.new(...)` here.

I like the latter more, but I ponder about instantiating just another Course object for authorization.. Well, any ideas for this rather not that important design question? :) Maybe other ideas than the ones I had?

Your second approach sounds solid, I'd go with it to keep all policies related to the Course model in a CoursePolicy.

```ruby
class CoursesController < ApplicationController
  before_action :set_project

  def create
    @course = @project.courses.build(course_params) # or Course.new(project: @project)
    authorize @course # is equal to authorize @course, :create?
    respond_with @course # or if @course.save ... else ... end
  end

  private

  def set_project
    @project = ...
  end
end
```

In the ApplicationPolicy there should be `attr_reader :record, :user` defined, so what I like to do in policies is alias the record method to whatever we're talking about, in this case, a record.
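The second approach from this thread, written out as an added example (not code from the original posts or from Pundit itself): a `CoursePolicy` whose `create?` depends on the course's project and whose `destroy?` stays denied. The Struct models, the `organized_projects` attribute and the `can_create_course?` helper are assumptions made so the example runs without Rails or the pundit gem.

```ruby
# Plain-Ruby stand-ins for the ActiveRecord models (constructed for this example).
User    = Struct.new(:name, :organized_projects)
Project = Struct.new(:title, :courses)
Course  = Struct.new(:project)

# Same shape as a Pundit ApplicationPolicy: every action is denied by default.
class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def create?
    false
  end

  def destroy?
    false
  end
end

class CoursePolicy < ApplicationPolicy
  alias course record # readable name for the record, as the reply suggests

  # Organizers of the course's project may create courses in it.
  # Fails closed for a missing user or a course without a project.
  def create?
    return false if user.nil? || course.project.nil?

    user.organized_projects.any? { |project| project.equal?(course.project) }
  end

  # destroy? is inherited and stays false: organizers may not destroy courses.
end

# Hypothetical helper mirroring the view check: authorize against a throwaway,
# unsaved Course so that project.courses is never touched.
def can_create_course?(user, project)
  CoursePolicy.new(user, Course.new(project)).create?
end
```

Because the throwaway `Course` only carries the project reference, the authorization decision lives in one policy and the collection being iterated in the view gains no unsaved records.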