Found the answer:
can :payment_made, Order, :seller_id => user.id
Then leave payment_received blank or make changes to @orders as follows.
  def payment_received
    @orders = @orders.order("id DESC")
  end
This way the user can see his own and not others' payment_received.
On Friday, March 7, 2014 8:37:55 PM UTC+8, Brandon wrote:
>
> Thanks Dave, been spending days cleaning up my code based on your
> suggestions and pretty proud of it now.
>
> I've a dilemma now with CanCan vs Nested Resources in Routes.rb:
>
> *In Routes.rb:*
>
>   resources :users do
>     resources :orders do
>       collection do
>         get :payment_received
>       end
>     end
>   end
>
> *In orders_controller.rb:*
>
>   def payment_received
>     @user = User.find(params[:user_id])
>     @orders = Order.where(seller_id: @user.id).order("id ASC")
>     render 'payment_received'
>   end
>
> *In ability.rb:*
> can :payment_made, Order, :user_id => user.id
>
> *The problem*
>
> With the following route:
>
> payment_received_user_orders GET
> /users/:user_id/orders/payment_received(.:format)
> orders#payment_received
>
> Through CanCan, I can't seem to enforce the ":user_id => user.id" whereby
> the *current_user* can only see his own payment_received (based on his
> own user_id) and not someone else's payment_received.
>
>
> On Wednesday, March 5, 2014 1:10:24 AM UTC+8, Dave Aronson wrote:
>>
>> On Mon, Mar 3, 2014 at 4:01 PM, Brandon <[email protected]> wrote:
>>
>> > This is what my User/Create looks like after rethinking my controller.
>> > Does it need more work to make it slimmer?
>>
>> I've seen (and even made) much worse, but this can be slimmed down
>> fairly easily. The sign_in and that big if-statement, have nothing to
>> do with what screen to show next, data to show there other than what's
>> already in some already-used model, or other such things that properly
>> belong in the controller. So, they can be extracted and put into the
>> User model, though you may need to pass in the current_order_id and
>> current_follow_id. You'd wind up with something like:
>>
>>   def create
>>     user.updating_password = true
>>     if user.save
>>       user.process_initial_session(current_order_id, current_follow_id)
>>       redirect_back_or root_url, :flash => { :success => 'Welcome!' }
>>     else
>>       render 'new'
>>     end
>>   end
>>
>> where user.process_initial_session (or whatever you choose to call it;
>> could be welcome, set_up_stuff, link_to_order_or_followers, whatever,
>> depending what else you may want to put in it) encapsulates all that
>> extracted stuff.
>>
>> -Dave
>>
>> --
>> Dave Aronson, the T. Rex of Codosaurus LLC (www.codosaur.us);
>> FREELANCE SOFTWARE DEVELOPER, AVAILABLE AS OF MARCH 1st 2014;
>> creator of Pull Request Roulette, at PullRequestRoulette.com.
>>
>
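
Added example, not part of the original thread: a plain-Ruby model (no Rails or CanCan) comparing the original action, which picks the seller from the URL's `:user_id`, with a list scoped by the `:seller_id => user.id` rule. `Ability#accessible` is a hypothetical stand-in for CanCan's `accessible_by`, the two `payment_received_*` helper names are made up for illustration, and the orders and user ids are constructed.

```ruby
# Plain-Ruby stand-ins (no Rails/CanCan needed); all data below is constructed.
Order = Struct.new(:id, :seller_id, :user_id)
User  = Struct.new(:id)

ORDERS = [
  Order.new(1, 10, 20),   # sold by user 10
  Order.new(2, 10, 21),   # sold by user 10
  Order.new(3, 11, 20)    # sold by user 11
].freeze

# Hypothetical miniature of a CanCan ability with hash conditions.
class Ability
  def initialize(user)
    @rules = []
    # Same rule as in the thread: condition on seller_id, not user_id.
    can :payment_made, Order, seller_id: user.id
  end

  def can(action, klass, conditions)
    @rules << [action, klass, conditions]
  end

  def can?(action, record)
    @rules.any? do |act, klass, cond|
      act == action && record.is_a?(klass) &&
        cond.all? { |attr, value| record[attr] == value }
    end
  end

  # Stand-in for Order.accessible_by(ability, action).
  def accessible(action, records)
    records.select { |r| can?(action, r) }
  end
end

# Original action: the seller is whoever the URL names in :user_id.
def payment_received_from_params(params)
  ORDERS.select { |o| o.seller_id == params[:user_id] }.sort_by(&:id)
end

# Scoped action: the list comes from the signed-in user's ability,
# so changing :user_id in the URL cannot widen it.
def payment_received_scoped(current_user, _params)
  Ability.new(current_user)
         .accessible(:payment_made, ORDERS)
         .sort_by { |o| -o.id }          # mirrors order("id DESC")
end
```

With user 11 signed in and `/users/10/orders/payment_received` requested, the first helper returns user 10's orders while the second returns only order 3.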