Returns a scope which fetches only the records that the passed ability can
perform a given action on. The action defaults to :index. This is usually
called from a controller and passed the current_ability
.
@articles = Article.accessible_by(current_ability)
Here only the articles which the user is able to read will be returned. If the user does not have permission to read any articles then an empty result is returned. Since this is a scope it can be combined with any other scopes or pagination.
An alternative action can optionally be passed as a second argument.
@articles = Article.accessible_by(current_ability, :update)
Here only the articles which the user can update are returned.
# File lib/cancan/model_additions.rb, line 22 def accessible_by(ability, action = :index) ability.model_adapter(self, action).database_records end