cancan
load_and_authorize_resource with shallow nested resources does not load parent
I have:
load_and_authorize_resource :company
load_and_authorize_resource :presentation, :through => :company, :shallow => true
I would expect that the :shallow => true takes care of correctly loading the @company when its id is not in the parameter list, but it doesn't... @company = nil.
Thanks for an otherwise great Gem.
Pascal.
That is an interesting idea. My only concern is that it doesn't quite map what the user is requesting through params since the parent resource isn't mentioned. I'll mark this for discussion to see what others think.
I also wonder what InheritedResource and other resource loading tools do in this situation. Anyone know?
This would definitely be useful for me. As an alternative, I'm using the following workaround:
before_filter :load_project_on_shallow, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource :project
load_and_authorize_resource :task, through: :project, shallow: true

protected

def load_project_on_shallow
  @task = Task.find(params[:id])
  @project = @task.project
end
This is a little clumsy and I might be doing it all wrong, so suggestions are welcome!
The workaround I usually use is
load_and_authorize_resource :project
load_and_authorize_resource :task, through: :project, shallow: true
before_filter :set_project

protected

def set_project
  @project ||= @task.project
end
@stellard Looks like a great solution, but this unfortunately does not work. I still get Couldn't find ParentObject with id= and an ActiveRecord::RecordNotFound exception, when accessing the nested resource's edit page.
@sebastianwr You wouldn't expect it to load the parent resource on the edit page for shallow routes (this is why you don't have an id for the find).
This error indicates that your settings are not correct for load_and_authorize_resource: missing shallow: true?
No, shallow is set to true for this method. The parent object should be loaded not by ID in the URL but through the nested object's reference. But it's related to bug #864, I guess.
I also have a similar type of problem statement.
My routes are
api/v1/parent/parent_id/child/create
api/v1/parent/undefined/child/create
controller
load_and_authorize_resource :parent, except: [:show, :otheraction]
load_and_authorize_resource :through => :parent, except: [:show, :action1, :action2]
load_and_authorize_resource
In case of the show action I don't need the parent, so I added it in except, but in case of create I want to load the parent when parent_id is present and don't want to load the parent when parent_id in the URL is coming as undefined or not present.
Thanks,
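
Added example, not part of the thread and not CanCan's code: a plain-Ruby model of the behaviour discussed above, where a shallow member route resolves the parent through the child and the parent is still authorized. It also treats a missing or "undefined" parent id as absent. All class and method names are hypothetical, the records are constructed, and the owner check stands in for an ability rule.

```ruby
# Plain-Ruby model (no Rails, no CanCan); every name below is hypothetical.
Project = Struct.new(:id, :owner_id)
Task    = Struct.new(:id, :project_id)
class NotFound < StandardError; end
class AccessDenied < StandardError; end

# Constructed sample records.
PROJECTS = { 1 => Project.new(1, 10), 2 => Project.new(2, 20) }.freeze
TASKS    = { 7 => Task.new(7, 1), 8 => Task.new(8, 2) }.freeze

class ShallowLoader
  def initialize(user_id)
    @user_id = user_id
  end

  # params mimics a request params hash; returns [project, task].
  def load(params)
    task_id = parse_id(params[:id])
    task = TASKS.fetch(task_id) { raise NotFound, "task" } if params.key?(:id)
    # Shallow member route: no usable parent id, so take it from the child.
    project_id = parse_id(params[:project_id]) || task&.project_id
    # Collection route without a parent: nothing to load.
    return [nil, nil] if project_id.nil?
    project = PROJECTS.fetch(project_id) { raise NotFound, "project" }
    # Both ids supplied: the child must belong to the parent named in the URL.
    raise NotFound, "task" if task && task.project_id != project.id
    # Authorize the parent however it was resolved.
    raise AccessDenied, "project" unless project.owner_id == @user_id
    [project, task]
  end

  private

  # nil, "", "undefined" and other non-numeric values all count as absent.
  def parse_id(value)
    Integer(value.to_s, 10, exception: false)
  end
end
```

The point of the model is that the parent check runs on both paths, so dropping the parent id from the URL does not skip authorization of the parent.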