What exactly is happening when I do:
@patient.course_enrollments.accessible_by(current_ability)
What seems to happen is I get course_enrollments where course.client_id = user.client.id
, I just don't understand how accessible_by
works.
# ability.rb
can :manage, CourseEnrollment, :course => {:client_id => user.client.id}
accessible_by
gives you a scope that includes only those records which you'd be able to access given the current_ability
. Since you stated that the :manage
ability on CourseEnrollment
is filtered by courses owned by the current user, the accessible_by
call will add in that same restriction so that the course enrollments returned will all be "accessible by" the current user.