
Untitled

a guest
Oct 25th, 2016
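  # Lists and shows dashboards, with access decided by DashboardPolicy (Pundit).
  #
  # Two things differ from the pasted version:
  # * `verify_policy_scoped` was attached to `show`, which never calls
  #   `policy_scope`, so the hook would raise after every `show`. It now guards
  #   `index`, the action that returns a collection.
  # * `index` returned every dashboard of whatever `customer_id` was in the
  #   URL, with no authorization and no scoping. The collection now goes
  #   through `policy_scope`, so a caller sees only dashboards the policy allows.
  class DashboardsController < ApplicationController
    before_action :authorize_dashboard_for_customer, only: :show
    after_action :verify_authorized, except: :index
    after_action :verify_policy_scoped, only: :index

    # Dashboards of the customer named in the URL, narrowed to what the
    # current user may see. `params[:customer_id]` is caller-controlled, so
    # the relation is never exposed without passing through the policy scope.
    expose(:dashboards) do
      policy_scope(customer.dashboards)
    end

    # Looked up by id only; access is decided by the `show?` check in
    # `authorize_dashboard_for_customer`, not by the lookup.
    expose(:dashboard) do
      Dashboard.find(params[:id])
    end

    # NOTE(review): this record is loaded straight from the URL with no
    # authorization of its own. Confirm the views render nothing sensitive
    # from it for users who belong to a different customer.
    expose(:customer) do
      Customer.find(params[:customer_id])
    end

    def index
      # Resolve the exposure here so the policy scope is applied (and
      # `verify_policy_scoped` is satisfied) even if the view never reads it.
      dashboards
    end

    def show
    end

    private

    # Raises Pundit's not-authorized error unless DashboardPolicy#show? allows
    # the current user to see the requested dashboard.
    def authorize_dashboard_for_customer
      authorize dashboard, :show?
    end
  end

  # Access rules for Dashboard records.
  class DashboardPolicy < ApplicationPolicy
    # Collection-level counterpart of `show?`; returns only the dashboards
    # for which `show?` would answer true. Written without a superclass so it
    # depends on nothing outside this file. Pundit instantiates it as
    # `Scope.new(user, scope)` and calls `resolve`.
    class Scope
      def initialize(user, scope)
        @user = user
        @scope = scope
      end

      # @return [ActiveRecord::Relation] dashboards visible to the user
      def resolve
        customer = @user.try(:customer)
        # Same fail-closed rule as `show?`: no user or no customer, no rows.
        return @scope.none if customer.blank?
        return @scope.all if @user.role == 'admin'

        @scope.where(id: customer.dashboards)
      end
    end

    # NOTE(review): this delegates to `show?`, which reads `@record.customers`.
    # That looks like it only works when the record is a Dashboard instance,
    # not the Dashboard class. Collection access is handled by Scope instead.
    def index?
      show?
    end

    # A dashboard is visible when the user's customer is one of the
    # dashboard's customers, or when the user is an admin.
    #
    # NOTE(review): the guard below runs before the role check, so an admin
    # whose account has no customer is denied. That fails closed and is kept
    # as is; confirm it is the intended behaviour.
    def show?
      customer = user.try(:customer)
      return false if customer.blank?

      (@record.customers.present? && @record.customers.include?(customer)) || user.role == 'admin'
    end
  end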