使用CanCan通過父母關聯授權子對象

Question

我們可以根據父母關聯檢查子對象的權限嗎？

我有一個Group（父母）和User，通過Membership（協會）之間的多對多關聯（見下面的關聯）。我有一個Event（兒童）模型屬於Group和User。 Membership有一個名爲role的列，這是我想基於我的權限。

我想確保user只能創建一個event如果user是，event屬於group的owner。通過owner我的意思是有Membership.where(user_id: user, group_id: group, role: 'admin')記錄。

該文檔在Accessing Parent in Ability下暗示了這一點，但他們沒有提及關聯關係。

# in Ability 
can :manage, Task, :project => { :user_id => user.id } 

爲此例如翻譯成我的使用情況：

# in Ability 
can :create, Event, :group => { group.owner == user } 

我已經有一個group.owner設置：

class Membership < ActiveRecord::Base 
    belongs_to :user 
    belongs_to :group, inverse_of: :memberships 
end 

class User < ActiveRecord::Base 
    has_many :memberships 
    has_many :groups, through: :memberships 

    has_many :ownerships, class_name: 'Membership', conditions: { role: 'admin' } 
    has_many :owned_groups, through: :ownerships, source: :group 

    has_many :events 
end 

class Group < ActiveRecord::Base 
    has_many :memberships 
    has_many :users, through: :memberships 

    has_one :ownership, class_name: 'Membership', conditions: { role: 'admin' } 
    has_one :owner, through: :ownership, source: :user 

    has_many :events 
end 

class Event < ActiveRecord::Base 
    belongs_to :organizer, class_name: 'User', foreign_key: 'user_id' 
    belongs_to :group 
end 

任何想法如何做到這一點？

Answer 1

這聽起來像您的許可，應當基於本集團：

can :create_events, Group, owner_id: user.id 

您是否使用嵌套的路線組&事件？

編輯：

can :create_events, Group, owner: { id: user.id }