Home/ Questions/Q 8539049
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T11:16:14+00:00

I’m trying to add filter_access_to with attribute_check: true but my model, Assignment , is

  • 0

I’m trying to add filter_access_to with attribute_check: true but my model, Assignment, is nested on Project and I want to check that the current user is assigned to the project so he/she can update the assignments (i.e. all the assignments, not just a specific one) on the project.

I have the next permission:

has_permissions_on :assignment do |a|
    to :read
    if_attribute :user, is { user }
end

And in my controller:

filter_access_to :all, require: :manage, context: :assignment, attribute_check: true

The problem is that I can’t access the index page because it doesn’t find the assignment’s id.

My models are:

class User < ActiveRecord::Base
    has_many :assignments
    has_many :projects, through: :assignments
end

class Project < ActiveRecord::Base
    has_many :assignments
    has_many :users, through: :assignments
end

class Assignment < ActiveRecord::Base
    belongs_to :user, inverse_of: :assignments
    belongs_to :project, inverse_of: :assignments
end
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Unless you have a very specific need to use filter_access_to, you can use filter_resource_access (see docs) instead and specify :nested_in option.

    Simply change your filer_access_to line with the following (or similar):

    filter_resource_access nested_in: :projects

    If you really want to continue using filter_access_to, then you need to create an instance of Assignment associated with Project and assign it to @assignment instance variable in a before_filter. This is what Declarative Authorization does under the hood when you use filter_resource_access.

    • 0