Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Use CanCan to determine if a polymorphic association has permission via validations
# Polymorphic validation
class Comment < ActiveRecord::Base
attr_accessible :content, :user, :user_id, :commentable, :commentable_id, :commentable_type
belongs_to :commentable, polymorphic: true
belongs_to :user
validates :commentable, :user, existence: { both: false } # Via validates_existence gem
validate :can_comment?, if: [:user, :commentable_id, :commentable_type]
private
def can_comment?
if Ability.new(user).cannot?(:comment, commentable_type.classify.constantize.find(commentable_id))
errors.add(:base, :cannot_comment)
end
end
end
class Ability
include CanCan::Ability
def initialize(user=nil)
can :comment, :reviews do |review| # CanCan 2.0 syntax (use Review instead of :reviews for < 2.0)
# We only want a host or guest to comment on a review
[review.booking.guest, review.booking.host].include? user
end if user
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.