When using pundit I understand I can authorise the current user against a model. Simple.
I have a scenario where I wish to authorise the user against a model and confirm criteria within a second model however Pundit only allows a single model.
i.e.
Students write articles for their classes and can comment on articles.
Class has many students M:M
Student has many classes M:M
Class has many articles 1:M
Article has many comments 1:M
Student has many articles 1:M
Student has many comments 1:M
In the article controller I need to authorise:
Create action: Student is a member of the class
Destroy action: Student is member of class and is owner of article
In the comment controller I need to authorise:
Create action: Student is a member of class and article is not closed to comments
Destroy action: Student is member of class and is owner of article
I hope it can be seen here that when creating and destroying articles & comments I need to authorise against two models. Always class_memberships plus either article or comment.
Can this be done in Pundit as I read it can only authorise user against one model.
