<![CDATA[Rails Forum - Ruby on Rails Help and Discussion Forum - filtering load_resource results in CanCan]]> http://railsforum.com/viewtopic.php?id=48545 Fri, 13 Apr 2012 13:41:36 +0000 PunBB <![CDATA[filtering load_resource results in CanCan]]> http://railsforum.com/viewtopic.php?pid=151759#p151759 The CanCan documents state that the :index method, of necessity, ignores any hash of conditions when checking a class and returns true, as in:

  can :read, MedicalRecord, :patient_id => user.id
  can? :read, MedicalRecord # returns true

So if I want MedicalRecordsController#index to ONLY return medical records for the current user, what's the right technique?  What I've done -- and it appears to work -- is to exploit the fact that load_resource sets @medical_records to a relation, and do further filtering on that:

    class MedicalRecordsController
      load_and_authorize_resource
      def index
        @medical_records = @medical_records.where(:patient_id => current_user.id)
      end
      ...
    end

Is this the approved technique?

- ff

]]> Fri, 13 Apr 2012 13:41:36 +0000 http://railsforum.com/viewtopic.php?pid=151759#p151759