
load_and_authorize_resource with shallow nested resources does not load parent

Open plindelauf opened this issue 13 years ago • 7 comments

I have:

load_and_authorize_resource :company
load_and_authorize_resource :presentation, :through => :company, :shallow => true

I would expect that the :shallow => true takes care of correctly loading the @company when its id is not in the parameter list, but it doesn't... @company = nil.

Thanks for an otherwise great Gem.

Pascal.

plindelauf avatar Jun 16 '11 11:06 plindelauf

That is an interesting idea. My only concern is that it doesn't quite map what the user is requesting through params since the parent resource isn't mentioned. I'll mark this for discussion to see what others think.

I also wonder what InheritedResource and other resource loading tools do in this situation. Anyone know?

ryanb avatar Jun 20 '11 22:06 ryanb

This would definitely be useful for me. As an alternative, I'm using the following workaround:

before_filter :load_project_on_shallow, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource :project
load_and_authorize_resource :task, through: :project, shallow: true

protected
def load_project_on_shallow
  @task = Task.find(params[:id])
  @project = @task.project
end

This is a little clumsy and I might be doing it all wrong, so suggestions are welcome!

dznz avatar Apr 25 '12 04:04 dznz

The workaround I usually use is

load_and_authorize_resource :project
load_and_authorize_resource :task, through: :project, shallow: true
before_filter :set_project

protected

def set_project
  @project ||= @task.project
end

stellard avatar Sep 11 '13 22:09 stellard

@stellard Looks like a great solution, but this unfortunately does not work. I still get Couldn't find ParentObject with id= and an ActiveRecord::RecordNotFound exception, when accessing the nested resource's edit page.

sebastianwr avatar Oct 29 '13 13:10 sebastianwr

@sebastianwr You wouldn't expect it to load the parent resource on the edit page for shallow routes (this is why you don't have an id for the find).

This error indicates that your settings are not correct for load_and_authorize_resource.

Missing shallow: true?

stellard avatar Oct 29 '13 13:10 stellard

No, shallow is set to true for this method. The parent object should be loaded not by ID in the URL but through the nested object's reference. But it's related to bug #864, I guess.

sebastianwr avatar Nov 04 '13 13:11 sebastianwr

I also have a similar type of problem statement.

My routes are:

api/v1/parent/parent_id/child/create
api/v1/parent/undefined/child/create

Controller:

load_and_authorize_resource :parent, except: [:show, :otheraction]
load_and_authorize_resource :through => :parent, except: [:show, :action1, :action2]
load_and_authorize_resource

In case of the show action I don't need the parent, so I added it in except, but in case of create I want to load the parent when parent_id is present, and don't want to load the parent when parent_id in the URL is coming as undefined or not present.

Thanks,

jaswinderahuja avatar Jul 07 '19 23:07 jaswinderahuja
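
The behaviour discussed in this thread (resolve the parent through the child on a shallow route, and load no parent when parent_id is absent or "undefined"), as an added plain-Ruby sketch. It is not CanCan code and not code from any poster; Project, Task, load_shallow and the ownership rule are hypothetical stand-ins for the models and ability definitions.

```ruby
# Added example: plain Ruby, no Rails or CanCan. All names are hypothetical.
Project = Struct.new(:id, :owner_id)
Task    = Struct.new(:id, :project_id)

# Constructed sample data standing in for the database.
PROJECTS = { 1 => Project.new(1, 10), 2 => Project.new(2, 20) }
TASKS    = { 7 => Task.new(7, 1), 8 => Task.new(8, 2) }

class NotFound < StandardError; end
class AccessDenied < StandardError; end

# A missing, blank or literal "undefined" project_id means "no parent in the URL".
def parent_id_from(params)
  raw = params[:project_id].to_s
  return nil if raw.empty? || raw == "undefined"
  Integer(raw, 10)
rescue ArgumentError
  raise NotFound, "malformed project_id"
end

# Returns [project, task]; either may be nil when the route does not name it.
def load_shallow(params, user_id)
  pid  = parent_id_from(params)
  task = nil
  if params[:id]
    task = TASKS.fetch(params[:id].to_i) { raise NotFound, "task" }
    # Nested route: the task must belong to the project named in the URL.
    raise NotFound, "task not in project" if pid && task.project_id != pid
    # Shallow route: no parent id was sent, so take it from the child.
    pid ||= task.project_id
  end
  project = pid && PROJECTS.fetch(pid) { raise NotFound, "project" }
  # Authorize the parent however it was resolved (ownership is an assumed rule).
  raise AccessDenied if project && project.owner_id != user_id
  # With no parent resolved, the caller must authorize the child on its own.
  [project, task]
end
```

In a real controller the lookups would be model finders and the ownership test would be the application's ability check.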