开发者

Cancan accessible_by

开发者 https://www.devze.com 2023-02-18 15:33 出处:网络
What exactly is happening when I do: @patient.course_enrollments.accessible_by(current_ability开发者_开发知识库)

What exactly is happening when I do:

@patient.course_enrollments.accessible_by(current_ability开发者_开发知识库)

What seems to happen is I get course_enrollments where course.client_id = user.client.id, I just don't understand how accessible_by works.

# ability.rb
can :manage, CourseEnrollment, :course => {:client_id => user.client.id}


accessible_by gives you a scope that includes only those records which you'd be able to access given the current_ability. Since you stated that the :manage ability on CourseEnrollment is filtered by courses owned by the current user, the accessible_by call will add in that same restriction so that the course enrollments returned will all be "accessible by" the current user.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号