I have a resource for students with CRUD methods. Only people with certain roles can read, update, manage, etc the students resource. I specified that in my ability.rb file. However, now I want students (who normally have no access to the students resource) to be able to access only their attendance records in /students/:student_id/attendances. How can I allow that?
Asked
Active
Viewed 105 times
0
at.
- 50,922
- 104
- 292
- 461
1 Answers
0
can :read, Attendance, student_id: user.id
This should work.
I suppose this should allow access to attendances_controller#show when current user id has the same value of student_id column of attendance that is being accessed.
sites
- 21,417
- 17
- 87
- 146
-
This is not an Attendance resource. It's under the students controller. – at. Jul 30 '13 at 02:23
-
I think I understand what you're suggesting. In my students controller, I do load Attendance records. So I guess that makes sense what you wrote. Except it doesn't work :(. – at. Jul 30 '13 at 03:08