Cancan accessible_by

ruby-on-rails scope cancan
Chris Muench picture Chris Muench · Mar 17, 2011 · Viewed 8.9k times · Source

What exactly is happening when I do:

@patient.course_enrollments.accessible_by(current_ability)

What seems to happen is I get course_enrollments where course.client_id = user.client.id, I just don't understand how accessible_by works.

# ability.rb
can :manage, CourseEnrollment, :course => {:client_id => user.client.id}

Answer

jdl picture jdl · Mar 17, 2011

accessible_by gives you a scope that includes only those records which you'd be able to access given the current_ability. Since you stated that the :manage ability on CourseEnrollment is filtered by courses owned by the current user, the accessible_by call will add in that same restriction so that the course enrollments returned will all be "accessible by" the current user.

Related questions

Rails includes with scope

I have a model called Author. An author has many Articles. Articles have a scope called .published that does: where(published: true). I want to load the author, with the published articles. I tried: Author.includes(:articles.published).find(params[:…

Read More
How to use unscoped on associated relations in Rails3?

I have a default scope on products due to information security constraints. class Product < ActiveRecord::Base has_many :photos default_scope where('visible = 1') end In my associated Photo model, however, I also have to find products that should …

Read More
Argument Error: The scope body needs to be callable

I'm working through the 'Ruby On Rails 3 Essential Training' and have received a problem when using name scopes. When finding records and using queries withing the Rails console everything went smoothly until I tried to use a name scope in …

Read More