Here is my problem. I have multiple users with multiple subscriptions each and i want to authorise subscriptions index method with Pundit. My routes.rb:
resources :users do resources : subscriptions end
Lets assume i'm user with id 1. What i need is to get list of subscriptions when i open /users/1/subscriptions
and Pundit access error when i open /user/2/subscriptions
Here is my subscriptions_controller.rb
SubscriptionController < ApplicationController def index @user = User.find(params[:user_id]) @subscriptions = @user.subscriptions authorize @subscriptions end end
I can do authorize @user, :subscriptions_index
, but it just feels wrong to write user policy for subscription authentication. How should i approach this problem? Thanks in advance.