# Lists the dashboards of a customer and shows a single dashboard.
#
# Authorization is Pundit-style: +show+ authorizes the exposed dashboard
# against its policy's +show?+ rule before the action body runs.
#
# NOTE(review): +index+ is excluded from +verify_authorized+, and nothing
# visible in this class calls +authorize+ or +policy_scope+ for it, so
# +dashboards+ is built from whatever +params[:customer_id]+ the caller
# supplies. Confirm that access to that customer is enforced elsewhere
# (for example in ApplicationController); if it is not, the list must be
# limited to dashboards the current user is allowed to see.
class DashboardsController < ApplicationController
  before_action :authorize_dashboard_for_customer, only: :show
  after_action :verify_authorized, except: :index
  # NOTE(review): +show+ never calls +policy_scope+ in this class. The usual
  # pairing is scoping on +index+ and +authorize+ on member actions; verify
  # that requiring a policy scope on +show+ is intended.
  after_action :verify_policy_scoped, only: :show

  # Customer named by the request's +customer_id+ parameter.
  expose(:customer) do
    Customer.find(params[:customer_id])
  end

  # Every dashboard of the customer named by +customer_id+; no per-user
  # filtering happens here.
  expose(:dashboards) do
    Customer.find(params[:customer_id]).dashboards
  end

  # Looked up by id alone, not through the customer in the URL. The policy
  # check run before +show+ is the only thing tying it to the caller.
  expose(:dashboard) do
    Dashboard.find(params[:id])
  end

  def index; end

  def show; end

  private

  # Runs before +show+; delegates the decision to the dashboard policy's
  # +show?+ rule.
  def authorize_dashboard_for_customer
    authorize(dashboard, :show?)
  end
end
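# Access rules for a single Dashboard record.
#
# A dashboard is visible to admins and to users whose customer is one of the
# dashboard's customers. Everyone else, including a missing user, is denied.
class DashboardPolicy < ApplicationPolicy
  # NOTE(review): this delegates to +show?+, which reads +@record.customers+.
  # It therefore only works when the policy is built for a Dashboard
  # instance, not for the Dashboard class — confirm how +index?+ is called.
  #
  # @return [Boolean]
  def index?
    show?
  end

  # @return [Boolean] true when the user is an admin, or when the user's
  #   customer is attached to the dashboard
  def show?
    # Fail closed when there is no signed-in user.
    return false if user.nil?

    # The admin rule is evaluated before the customer lookup. Previously the
    # early return on a blank customer ran first, so an admin without a
    # customer was denied although the rule below was meant to admit them.
    return true if user.role == 'admin'

    customer = user.try(:customer)
    return false if customer.blank?

    # +present?+ is kept so a nil/empty association denies instead of raising.
    @record.customers.present? && @record.customers.include?(customer)
  end
end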