Topic: CanCan: can :create based on another model

I've posted a question to Stack Overflow: … ny-through

but I realize that at least one important CanCan expert reads this forum! smile

In short, I have a Club model that has_many Memberships.  The Club model also has an is_enrollable field. 

I'd like to authorize creation of a Membership record only if its associated Club is_enrollable.  Conceptually speaking, given these two clubs:

  public_club = Club.create(:name => "public", :is_enrollable => true)
  private_club = Club.create(:name => "snooty", :is_enrollable => false)

... calling Membership.create(:club => public_club) should succeed and calling Membership.create(:club => private_club) should fail.

I don't mean to suggest that the authorization happen at the model level -- CanCan does its thing at the controller level.  But how do I capture this behavior in the Ability class?

- ff

Re: CanCan: can :create based on another model

Answered my own question: a :create authorization is passed a new record (unsaved), so it *can* validate through an associated model.  Which is to say that the following works:

      can :create, Membership, :club => {:is_enrollable => true}

(I had fooled myself into thinking that since Membership wasn't yet created that it would be impossible to authenticate on an associated model.)