0

I've an Account model which "has many" Users and also "has many" Meters. The Meter object has an account_id column so it's easy to define an ability for this in Cancancan:

if user
  can :crud, Meter, :account_id => user.account_id
end

However, a Meter also "has many" Parameter. I want to do a similar ability definition, only allowing CRUD access if the parameter belongs to a meter which belongs to the same account as user.

As the Parameter model only has a meter_id column (and not an account_id column), I'm not sure of the best way to achieve this extra level of nesting?

Edit

Apologies for being unclear.

My models are as follows:

Account > User (account_id) 
        > Meter (account_id) > Parameter (meter_id)

So I'm able to check if user.account_id = meter.account_id, but I'm not sure how to check for a parameter.

Edit 2

As well as Matt's answer, it's simply a case of including:

  load_and_authorize_resource :meter
  load_and_authorize_resource through: :meter

in the Parameter model.

Joe Czucha
  • 4,123
  • 2
  • 20
  • 28
  • This is not very clear. You mean crud access to `Parameter` models which belong to `Meter` models, which belong to the user? – Matt Gibson Jun 02 '15 at 15:28

1 Answers1

1
if user
  can :crud, Parameter, meter: { account_id: user.account_id }
end
Matt Gibson
  • 14,616
  • 7
  • 47
  • 79