I have a simple relation
```ruby
class Rental < ApplicationRecord
  has_many :offers, dependent: :delete_all
end
```
and
```ruby
class Offer < ApplicationRecord
  belongs_to :rental
end
```
Within the OffersController I'm performing a few checks regarding the create action, which currently looks like
```ruby
class OffersController < ApplicationController
  def create
    unless current_user.stripe_id?
      return redirect_to billing_path, alert: "No stripe id."
    end
    if @rental && @rental.user_id == current_user.id
      redirect_to(request.referer, alert: "Invalid action.") && return
    end
    if current_user.offers.accepted.any?
      redirect_to(request.referer, alert: "Already accepted offer.") && return
    end
    if Offer.exists?(user_id: current_user.id)
      redirect_to(request.referer, alert: "Invalid.") && return
    end
  end
end
```
and what I would like to achieve is to remove all these checks from the controller to clean it up, and supposedly this would be handled by pundit very well.
My issue is that if I create an OfferPolicy
I have that
```ruby
class OfferPolicy < ApplicationPolicy
  attr_reader :user, :offer

  def initialize(user, offer)
    @user = user
    @offer = offer
  end

  def create?
    user.stripe_id?
  end
end
```
which would take care of the first check, but I ran into problems when I had to authorize within the offers controller using the parent record @rental. How should this be done? It would seem that I would need to authorize using some rental policy which I at the moment don't have at all.
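
One way to let a single offer policy see the parent record, as an added example that is not part of the original post: the offer being authorized carries its rental, so `create?` can cover all four controller checks. `User`, `Rental` and `Offer` are constructed Structs standing in for the models, `can_create_offer?` is a hypothetical helper, and refusing an offer that has no rental is an assumption made here so the check fails closed.

```ruby
# Constructed stand-ins for the ActiveRecord models so the policy runs without Rails or Pundit.
User = Struct.new(:id, :stripe_id, :offers) do
  def stripe_id?
    !stripe_id.to_s.empty?
  end
end
Rental = Struct.new(:id, :user_id)
Offer  = Struct.new(:user, :rental, :accepted)

# A Pundit policy is a plain Ruby object: it receives the user and the record.
class OfferPolicy
  attr_reader :user, :offer

  def initialize(user, offer)
    @user = user
    @offer = offer
  end

  # Deny by default: every condition from the controller must pass.
  def create?
    return false if user.nil?
    user.stripe_id? && rental_open_to_user? && !already_offered?
  end

  private

  # The parent record is reached through the offer, so no separate rental policy is needed.
  # Assumption: an offer without a rental is refused (fail closed).
  def rental_open_to_user?
    !offer.rental.nil? && offer.rental.user_id != user.id
  end

  # Any existing offer by this user blocks a new one; this also covers
  # the "already accepted offer" case from the controller.
  def already_offered?
    user.offers.any?
  end
end

# Hypothetical helper mirroring the controller: build the offer from the
# parent rental first, then ask the policy about that unsaved offer.
def can_create_offer?(user, rental)
  OfferPolicy.new(user, Offer.new(user, rental, false)).create?
end
```

In a controller using Pundit, the same shape is to build the new offer from `@rental` and pass that unsaved offer to `authorize`, which resolves `OfferPolicy` from the record's class.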