If the field we want to check inside a resource that has a relates_to_actor_via
check is a has_many
relationship, relates_to_actor_via
will correctly handle that and check each resource inside that list with the actor field.
Now, let’s say we have it the other way around. For example:
Let’s say I have the following resources:
School
, a school has ahas_many
relationship withTeacher
andhas_many
relationship withStudent
;Teacher
, a teacher has ahas_many
relationship withSchool
;TeacherSchool
, has abelongs_to
relationship with bothSchool
andTeacher
;Student
has abelongs_to
relationship withSchool
.
Now let’s say I am a teacher (the actor) and I want to update a student, to allow that, I want to make a policy that will check if the student is enrolled in one of the schools that the current teacher teaches.
This seems like a perfect usage of relates_to_actor_via
check using this policy in Student
:
policy action(;update) do
authorize_if relates_to_actor_via(:school, field: :schools)
end
The issue is that relates_to_actor_via
will only check for a has_many
relationship for the first argument :school
, but it will not do the same to the second argument :schools
, making the policy fail.
Is it possible to add support for that use case?