Ask A Question

Notifications

You’re not receiving notifications from this thread.

How do I apply a Pundit Policy to Index?

Rich Smith asked in Rails
I'd like to have an index page show only the associated (from the parent, location) records, and allow only users that own those records to see the index.  I am really struggling with this concept of scopes and would appreciate any help.

Here's where I'm at:
# New Document
Here's where I'm at:

#### Models

```
User
  has_one :business
  has_many :locations, :through => :business
end

Business
  belongs_to :user
  has_many :locations
end

Location
  extend FriendlyId
  belongs_to :business
  has_one :user, :through => :business
  has_many :sites, dependent: :destroy
  friendly_id :custom_url, use: :slugged
end

Site
  belongs_to :location
end

```

#### routes.rb
```
 resources :locations do
    resources :sites
  end
```

#### sites_controller.rb
```
class SitesController < ApplicationController
  before_action :set_site, only: [:show, :edit, :update, :destroy]
  before_action :set_location, only: [:new, :show, :edit, :index, :update, :destroy]
  
  
  def index
    authorize Site
    @sites = @location.sites.all
  end

  private
    def set_site
      @site = Site.find(params[:id])
    end
    def set_location
      @location = Location.friendly.find(params[:location_id])
    end
    def site_params
      params.require(:site).permit(:location_id, :site, :url, :review_site_id, :number_of_reviews, :average_rating, :extra_data)
    end
end
  
  ```

#### site_policy.rb

```
class SitePolicy < ApplicationPolicy
    class Scope
      attr_reader :user, :scope
  
      def initialize(user, scope)
        @user  = user
        @scope = scope
      end
  
      def resolve
        if user.has_role? :admin
          scope.all
        else
          scope.where(location.user)
        end
      end
    end

  def index? 
    return true if user.present? and user.has_role? :admin
  end
  ...
```


Any help or pointers at all would be super appreciated, I am really struggling wrapping my head around Pundit Scopes, but am keenly aware that I need them to get an index page to work. 




Reply
Formatted...

I'd like to have an index page show only the associated (from the parent, location) records, and allow only users that own those records to see the index.  I am really struggling with this concept of scopes and would appreciate any help.

Here's where I'm at:

Models

User
  has_one :business
  has_many :locations, :through => :business
end

Business
  belongs_to :user
  has_many :locations
end

Location
  extend FriendlyId
  belongs_to :business
  has_one :user, :through => :business
  has_many :sites, dependent: :destroy
  friendly_id :custom_url, use: :slugged
end

Site
  belongs_to :location
end


routes.rb


 resources :locations do
    resources :sites
  end


sites_controller.rb


class SitesController < ApplicationController
  before_action :set_site, only: [:show, :edit, :update, :destroy]
  before_action :set_location, only: [:new, :show, :edit, :index, :update, :destroy]
  
  
  def index
    authorize Site
    @sites = @location.sites.all
  end

  private
    def set_site
      @site = Site.find(params[:id])
    end
    def set_location
      @location = Location.friendly.find(params[:location_id])
    end
    def site_params
      params.require(:site).permit(:location_id, :site, :url, :review_site_id, :number_of_reviews, :average_rating, :extra_data)
    end
end
  

site_policy.rb



class SitePolicy < ApplicationPolicy
    class Scope
      attr_reader :user, :scope
  
      def initialize(user, scope)
        @user  = user
        @scope = scope
      end
  
      def resolve
        if user.has_role? :admin
          scope.all
        else
          scope.where(location.user)
        end
      end
    end

  def index? 
    return true if user.present? and user.has_role? :admin
  end
  ...



Any help or pointers at all would be super appreciated, I am really struggling wrapping my head around Pundit Scopes, but am keenly aware that I need them to get an index page to work. 
Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 86,946+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.