This repository was archived by the owner on Dec 12, 2021. It is now read-only.
This repository was archived by the owner on Dec 12, 2021. It is now read-only.
Not loading expected results on :index action #1050
Description
Hi guys,
I am facing a very weird problem as, for some reason, I am getting more results than expected ones. There are Schools. Each School has many Communications, each of them is related to a Family through a Recipient.
I am expecting to get ONLY those Communications where current_user's Family is a Recipient but, for some reason, I am getting ALL the Communications from that School.
It is really annoying that the written tests are all working as expected and that, through Console, I am simulating the rules ad they are also working.
Suggestions and solutions are very welcome!
Regards.
Alejandro.
Communications controller:
before_action :authenticate_user!
load_and_authorize_resource :school
load_and_authorize_resource :communication, through: :school
# GET /schools/:school_id/communications
def index
json_response_ser(@school.communications.order(:created_at), CommunicationFullSerializer)
end
def json_response_ser(object, serializer, status = :ok)
# helper that responds with JSON and an HTTP status code (200 by default)
render json: object, status: status, each_serializer: serializer
end
Some of the abilities definition:
# School: can only read the School where is assigned to
can :read, School do |s|
s.families.include?(user.origin.try(:family))
end
# Communication: can read all the Communications where the Family was recipient
can :read, Communication do |c|
user.origin.try(:family).communications.include?(c)
end