Cancan accessible_by

Chris Muench picture Chris Muench · Mar 17, 2011 · Viewed 8.9k times · Source

What exactly is happening when I do:

@patient.course_enrollments.accessible_by(current_ability)

What seems to happen is I get course_enrollments where course.client_id = user.client.id, I just don't understand how accessible_by works.

# ability.rb
can :manage, CourseEnrollment, :course => {:client_id => user.client.id}

Answer

jdl picture jdl · Mar 17, 2011

accessible_by gives you a scope that includes only those records which you'd be able to access given the current_ability. Since you stated that the :manage ability on CourseEnrollment is filtered by courses owned by the current user, the accessible_by call will add in that same restriction so that the course enrollments returned will all be "accessible by" the current user.