I have a model called Referral Request and associated table and views. I have three user roles defined using enums:
    enum role: { staff: 0, clinician: 1, admin: 2 }
Staff users belong to universities, and universities have many staff users. My intention in many parts of my application is to use Pundit policies to only show staff users records that are associated with other users from their university. I am trying to do that for referral requests, for example, but I have something configured incorrectly, because it shows any given user all referral requests regardless of whether they were created by another user who belongs to their university or not. What am I doing wrong?
Referral Request Policy:
    class ReferralRequestPolicy < ApplicationPolicy
      class Scope
        attr_reader :user, :scope

        def initialize(user, scope)
          @user = user
          @scope = scope
        end

        def resolve
          if user.admin?
            scope.all
          else
            scope.joins(:user).merge(User.where(university: user.university))
          end
        end
      end

      def index?
        user.staff? or user.admin?
      end
    end
Referral Request Model:
    class ReferralRequest < ApplicationRecord
      belongs_to :user, -> { where role: :staff }
      belongs_to :patient
      has_many :dispatches
      has_many :clinicians, through: :dispatches
      has_and_belongs_to_many :languages
      has_and_belongs_to_many :races
      has_and_belongs_to_many :genders
      validates :user_id, presence: true
      enum status: { created: 0, sent: 1, shared: 2, closed_under_care: 3, closed_not_seeking_care: 4, closed_unresponsive: 5 }
    end
Staff user concern:
    require 'active_support/concern'

    module StaffUser
      extend ActiveSupport::Concern

      included do
        belongs_to :university
        has_many :patients
        has_many :referral_requests
        validates :university_id, presence: true, if: :staff?
      end

      class_methods do
      end
    end
University Model:
    class University < ApplicationRecord
      has_many :staffs, -> { where role: :staff }, class_name: "User"
      has_many :clinicians, through: :lists
      has_many :whitelists
      belongs_to :market
      validates :market_id, presence: true
    end
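
An added example, not part of the original post or its code: a plain-Ruby model of the per-university scoping described above, with Structs standing in for the Rails models and two hypothetical index actions (`index_scoped`, `index_unscoped`) showing that the filter only protects collections that are actually passed through the scope. The nil-university guard and all sample data are assumptions of the example.

```ruby
# Constructed stand-ins for the question's models (plain Ruby, no Rails or Pundit).
User = Struct.new(:id, :role, :university_id) do
  def admin?
    role == :admin
  end
end
ReferralRequest = Struct.new(:id, :user)

# Mirrors ReferralRequestPolicy::Scope, filtering an Array instead of a relation.
class ReferralRequestScope
  def initialize(user, scope)
    @user = user
    @scope = scope
  end

  def resolve
    return @scope if @user.admin?
    # Fail closed: a viewer with no university matches nothing, instead of
    # matching owners whose university is also nil.
    return [] if @user.university_id.nil?

    @scope.select { |request| request.user.university_id == @user.university_id }
  end
end

# Hypothetical index action that routes the collection through the scope.
def index_scoped(viewer, requests)
  ReferralRequestScope.new(viewer, requests).resolve.map(&:id)
end

# Hypothetical index action that loads the collection directly; the scope
# class exists but is never consulted, so every viewer gets every id.
def index_unscoped(_viewer, requests)
  requests.map(&:id)
end

# Constructed sample data: two universities with one request each.
STAFF_A   = User.new(1, :staff, 10)
STAFF_B   = User.new(2, :staff, 20)
ADMIN     = User.new(3, :admin, nil)
CLINICIAN = User.new(4, :clinician, nil)
REQUESTS  = [ReferralRequest.new(100, STAFF_A), ReferralRequest.new(200, STAFF_B)]

if __FILE__ == $PROGRAM_NAME
  [STAFF_A, STAFF_B, ADMIN, CLINICIAN].each do |viewer|
    puts "#{viewer.role} #{viewer.id}: scoped=#{index_scoped(viewer, REQUESTS)} " \
         "unscoped=#{index_unscoped(viewer, REQUESTS)}"
  end
end
```

In a Rails controller, Pundit runs `Scope#resolve` only when the action calls `policy_scope(ReferralRequest)`; `authorize` checks `index?` and does not filter the collection. Adding `after_action :verify_policy_scoped, only: :index` makes Pundit raise when an index action skips the scope.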