I have some problems defining the permissions for a twice nested resource. I have users > companies > orders…
My users have many companies through agreements.
Each company has many orders and each order belongs to a company.
My abilities.rb file contains the following:
elsif user.role? :customer_admin
can [:read, :update], User, :id => user.id
can [:read, :update], Company, :id => user.id
can :read, Company, :users => { :id => user.id }
can :read, Order, :user => { :id => user.id }
end
And in my orders controller, I have this:
load_and_authorize_resource :company
load_and_authorize_resource :order, :through => :company
The problem is that I can’t seem to view the order as the customer_admin
Hope you can help, thanks again.
-- edit --
user.rb
has_and_belongs_to_many :roles
has_many :agreements
has_many :companies, :through => :agreements
company.rb
has_many :agreements
has_many :users, :through => :agreements
has_many :orders
accepts_nested_attributes_for :orders
order.rb
belongs_to :company
has_many :comments
has_many :tasks
has_many :requirements
has_many :services, :through => :requirements
has_many :servicelevelagreements
has_many :slas, :through => :servicelevelagreements
agreement.rb
belongs_to :user
belongs_to :company
Hope that’s a little more helpful!!
Do you have user_id in orders, which defines the admin user?
It seems that you want to use it in a has_many :through association. If that’s the case then I suggest to try accessing by defining like this:
Since cancan supports nested associations.
Update
My setup assumes that your models look like:
And your company should contain a field called user_id which is the id of the assigned user.
For more information please see the wiki. https://github.com/ryanb/cancan/wiki/Nested-Resources
Update 2
The problem is that your company has_many :users, :through=>:agreements
This involves the following definition:
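Added example, not part of the answer above and not CanCan's own code: a plain-Ruby sketch of how a nested hash condition is checked against a record, using Struct stand-ins for the models posted in the question. The `matches?` helper, the two rule methods, the fail-closed handling of a missing attribute and all sample data are assumptions made for illustration.

```ruby
# Constructed stand-ins for the models in the question (plain Structs, no Rails).
User    = Struct.new(:id)
Company = Struct.new(:id, :users)   # users are reached via agreements in the real app
Order   = Struct.new(:id, :company) # note: Order has no user or user_id

# Simplified model of evaluating a nested hash condition against a record.
# A missing attribute denies access (a fail-closed choice made for this sketch).
def matches?(record, conditions)
  conditions.all? do |name, expected|
    next false unless record.respond_to?(name)
    actual = record.public_send(name)
    if expected.is_a?(Hash)
      if actual.is_a?(Array)
        # Collection association: one matching member is enough.
        actual.any? { |item| matches?(item, expected) }
      else
        !actual.nil? && matches?(actual, expected)
      end
    else
      actual == expected
    end
  end
end

# The Order rule as written in the question.
def rule_from_question(user)
  { :user => { :id => user.id } }
end

# Hypothetical rule that walks order -> company -> users instead.
def rule_through_company(user)
  { :company => { :users => { :id => user.id } } }
end

# Constructed sample data: two companies, one customer_admin in each.
ALICE = User.new(1)
BOB   = User.new(2)
ACME  = Company.new(10, [ALICE])
OTHER = Company.new(20, [BOB])
ACME_ORDER  = Order.new(100, ACME)
OTHER_ORDER = Order.new(200, OTHER)

# True when the named rule lets the user read the order.
def readable?(user, order, rule)
  matches?(order, send(rule, user))
end
```

In this sketch the question's rule never matches because the stand-in Order has no user to compare against, while the rule that goes through the company grants access to the user's own company's orders and denies the other company's.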