Topic: filtering load_resource results in CanCan
The CanCan documents state that the :index method, of necessity, ignores any hash of conditions when checking a class and returns true, as in:
can :read, MedicalRecord, :patient_id => user.id
can? :read, MedicalRecord # returns true
So if I want MedicalRecordsController#index to ONLY return medical records for the current user, what's the right technique? What I've done -- and it appears to work -- is to exploit the fact that load_resource sets @medical_records to a relation, and do further filtering on that:
class MedicalRecordsController < ApplicationController
  load_and_authorize_resource

  def index
    # load_resource has already set @medical_records to a MedicalRecord relation;
    # narrow it to the current user's records before rendering
    @medical_records = @medical_records.where(:patient_id => current_user.id)
  end
  ...
end
Is this the approved technique?
- ff
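As an added illustration (not part of the original post and not CanCan's own code), here is a plain-Ruby stand-in for hash-condition rules that shows why the class-level `can? :read, MedicalRecord` check passes for everyone while each record still has to match its conditions, and the per-user filtering the index action therefore needs. The `Ability`, `MedicalRecord` and `User` classes, the `accessible` helper and the sample records are constructed for this example.

```ruby
# Constructed stand-in for the CanCan behaviour discussed above (not CanCan's code):
# a rule with hash conditions, a class-level check that ignores them, an
# instance-level check that enforces them, and a collection filter.
MedicalRecord = Struct.new(:id, :patient_id)
User = Struct.new(:id)

class Ability
  def initialize(user)
    @rules = []
    can :read, MedicalRecord, patient_id: user.id
  end

  def can(action, subject_class, conditions = {})
    @rules << [action, subject_class, conditions]
  end

  # Class check: as the CanCan docs describe, conditions are ignored, so this
  # only says "some records of this class may be readable" and returns true.
  # Instance check: every hash condition must match the record's attributes.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |act, sub_class, conds|
      next false unless act == action && sub_class == klass
      subject.is_a?(Class) || conds.all? { |attr, val| subject.send(attr) == val }
    end
  end

  # Keep only the records the instance check accepts; this is the filtering
  # the post does by hand with .where(:patient_id => current_user.id).
  def accessible(action, records)
    records.select { |r| can?(action, r) }
  end
end

# Constructed sample data: two patients, three records
ALICE = User.new(1)
BOB = User.new(2)
RECORDS = [MedicalRecord.new(10, 1), MedicalRecord.new(11, 2), MedicalRecord.new(12, 1)]

# What an index action should hand back for a given current user
def index_for(user)
  Ability.new(user).accessible(:read, RECORDS)
end
```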