Im trying to learn how to use Pundit with Rails 4. I have been trying to learn this for the last 2 years and am slowly making a tiny bit of progress.

I am also trying to learn how to write scopes. I'm still trying to figure out how to translate advice into plain english so that I can begin to understand.

I'm getting stuck at the intersection of the scopes pundit policies use and the general scope class that I can write in a model.

I have models for Uer, Profile and Project.

The associations are:

User

has_one :profile

Profile

belongs_to :user
has_many :projects

Project

belongs_to :profile

I am trying to write a pundit policy that allows different users to see different projects. I am writing a scoped policy, in pundit to manage this.

In my project model, I'm trying to write scope that finds all of a user's projects. In plain english, I want to search all projects for those that have a profile id that belongs to a user id that is equal to the current user.

In my pundit policy, I am trying to write this resolve method:

class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user  = user
      @scope = scope
    end

    def resolve
      if user.has_role?(:admin)
        scope.all
      elsif user.id == @project.profile.user_id
        scope.projects_for_user 
      elsif user.present?
        scope.in_state(:publish)
      else 
        Project.none  
      end
    end
  end

I have tried about 100 different ways of trying to write a scope on my project model that finds projects that belong to a current user. I know I can't use devise's current_user in the model, so I can't use it in a scope. These two are my best attempts- both are wrong.

scope :projects_for_user, -> { joins(:user_id).where('project.profile.user_id = ?', user.id) }

scope :projects_for_user, -> { where(project.profile.user_id: User.id) }

My main problem with learning this is I can't see how to deconstruct this line into different pieces.

From what I can understand the bit before the ":" is the thing you are looking for. The bit after the ":" is the instance you're using when you're running the scope. If that's right, then I'm confused about why my 2nd attempt didn't work (and also very confused about the joins statement in the 1st attempt).

If someone could help with a plain english explanation of how to write scopes, I am confident that I know what I want to look for, just desperately lost on how to write the query to find it.

Currently, when I try to use my project policy (I have tried incorporating Taryn's suggestion below - although I don't understand each component of the scope, so I'm not sure what's going on with it).

class ProjectPolicy < ApplicationPolicy

  attr_reader :user, :record

  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user  = user
      @scope = scope
    end

    def resolve
      if user.has_role?(:admin)
        scope.all
      elsif user.id == @project.profile.user_id
        scope.projects_for_user(user)  
      elsif user.present?
        scope.in_state(:publish)
      else 
        Project.none  
      end
    end
  end


  def index?
    true
  end

  def show?
    true
  end

private
  def project
    record
  end

Project model:

scope :projects_for_user, -> (user){ joins(:user_id).where('project.profile.user_id = ?', user.id) }

In my project controller, I have:

class ProjectsController < ApplicationController

  before_action :set_project, only: [:show, :edit, :update, :destroy ]
  before_action :authenticate_user!

  def index
    @projects = Project.all
    authorize @projects
  end

  def show
    @project = Project.find(params[:id])
    # authorize @project

  end

private
    def set_project
      @project = Project.find(params[:id])
      authorize @project
    end

When I save this and try it, it gives an error which says:

wrong number of arguments (given 2, expected 0)

This error is returned when I try to see an index of projects or a specific project (so I don't think it is to do with the scope). I don't understand which two arguments are being given to know how to go about trying to solve this problem.

ADD STACK TRACE

ArgumentError - wrong number of arguments (given 2, expected 0):
  pundit (1.1.0) lib/pundit.rb:112:in `policy!'
  pundit (1.1.0) lib/pundit.rb:235:in `policy'
  pundit (1.1.0) lib/pundit.rb:194:in `authorize'
  app/controllers/eois_controller.rb:20:in `show'
  actionpack (4.2.4) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
  actionpack (4.2.4) lib/abstract_controller/base.rb:198:in `process_action'
  actionpack (4.2.4) lib/action_controller/metal/rendering.rb:10:in `process_action'
  actionpack (4.2.4) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
  activesupport (4.2.4) lib/active_support/callbacks.rb:117:in `call'
  activesupport (4.2.4) lib/active_support/callbacks.rb:555:in `block (2 levels) in compile'
  activesupport (4.2.4) lib/active_support/callbacks.rb:505:in `call'
  activesupport (4.2.4) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
  activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
  activesupport (4.2.4) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.4) lib/abstract_controller/callbacks.rb:19:in `process_action'
  actionpack (4.2.4) lib/action_controller/metal/rescue.rb:29:in `process_action'
  actionpack (4.2.4) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
  activesupport (4.2.4) lib/active_support/notifications.rb:164:in `block in instrument'
  activesupport (4.2.4) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
  activesupport (4.2.4) lib/active_support/notifications.rb:164:in `instrument'
  actionpack (4.2.4) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
  actionpack (4.2.4) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
  searchkick (1.3.0) lib/searchkick/logging.rb:153:in `process_action'
  activerecord (4.2.4) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
  actionpack (4.2.4) lib/abstract_controller/base.rb:137:in `process'
  actionview (4.2.4) lib/action_view/rendering.rb:30:in `process'
  actionpack (4.2.4) lib/action_controller/metal.rb:196:in `dispatch'
  actionpack (4.2.4) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
  actionpack (4.2.4) lib/action_controller/metal.rb:237:in `block in action'
  actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:76:in `dispatch'
  actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:45:in `serve'
  actionpack (4.2.4) lib/action_dispatch/journey/router.rb:43:in `block in serve'
  actionpack (4.2.4) lib/action_dispatch/journey/router.rb:30:in `serve'
  actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:821:in `call'
  omniauth (1.3.1) lib/omniauth/strategy.rb:186:in `call!'
  omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
  omniauth (1.3.1) lib/omniauth/strategy.rb:186:in `call!'
  omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
  omniauth (1.3.1) lib/omniauth/strategy.rb:186:in `call!'
  omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
  omniauth (1.3.1) lib/omniauth/strategy.rb:186:in `call!'
  omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
  meta_request (0.4.0) lib/meta_request/middlewares/app_request_handler.rb:13:in `call'
  meta_request (0.4.0) lib/meta_request/middlewares/meta_request_handler.rb:13:in `call'
  warden (1.2.6) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.6) lib/warden/manager.rb:34:in `call'
  rack (1.6.4) lib/rack/etag.rb:24:in `call'
  rack (1.6.4) lib/rack/conditionalget.rb:25:in `call'
  rack (1.6.4) lib/rack/head.rb:13:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/flash.rb:260:in `call'
  rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
  rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/cookies.rb:560:in `call'
  activerecord (4.2.4) lib/active_record/query_cache.rb:36:in `call'
  activerecord (4.2.4) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
  activerecord (4.2.4) lib/active_record/migration.rb:377:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
  activesupport (4.2.4) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
  activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
  activesupport (4.2.4) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/reloader.rb:73:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:84:in `protected_app_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:79:in `better_errors_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
  rack-contrib (1.4.0) lib/rack/contrib/response_headers.rb:17:in `call'
  meta_request (0.4.0) lib/meta_request/middlewares/headers.rb:16:in `call'
  web-console (2.3.0) lib/web_console/middleware.rb:28:in `block in call'
  web-console (2.3.0) lib/web_console/middleware.rb:18:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  railties (4.2.4) lib/rails/rack/logger.rb:38:in `call_app'
  railties (4.2.4) lib/rails/rack/logger.rb:20:in `block in call'
  activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `block in tagged'
  activesupport (4.2.4) lib/active_support/tagged_logging.rb:26:in `tagged'
  activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `tagged'
  railties (4.2.4) lib/rails/rack/logger.rb:20:in `call'
  request_store (1.3.1) lib/request_store/middleware.rb:9:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/request_id.rb:21:in `call'
  rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
  rack (1.6.4) lib/rack/runtime.rb:18:in `call'
  activesupport (4.2.4) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
  rack (1.6.4) lib/rack/lock.rb:17:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/static.rb:116:in `call'
  rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
  skylight (0.10.6) lib/skylight/middleware.rb:61:in `call'
  railties (4.2.4) lib/rails/engine.rb:518:in `call'
  railties (4.2.4) lib/rails/application.rb:165:in `call'
  rack (1.6.4) lib/rack/content_length.rb:15:in `call'
  puma (3.4.0) lib/puma/configuration.rb:224:in `call'
  puma (3.4.0) lib/puma/server.rb:569:in `handle_request'
  puma (3.4.0) lib/puma/server.rb:406:in `process_client'
  puma (3.4.0) lib/puma/server.rb:271:in `block in run'
  puma (3.4.0) lib/puma/thread_pool.rb:114:in `block in spawn_thread'

Started POST "/__better_errors/123578515c1e4e10/variables" for ::1 at 2016-09-08 13:23:01 +1000

ANALYSIS OF STACK TRACE

The only line of this that I have written myself is the authorize @eoi line in the eois controller (inside the show action). That is a key part of using pundit. The rest of the stack trace is from things I didn't write and don't know how to change.

 app/controllers/eois_controller.rb:20:in `show'

RESPONSE TO POSSIBLE DUPLICATE TAG

The other question also one I posted. They are going to different points. In this post I thought maybe I was writing the scopes wrong (I may have been). In the other post, I tried to set out the whole process to see if someone might have been able to help me understand where I was going wrong.