I'm using Cancan and MetaSearch.
I have a index action in a controller that when submitted the field that acts as a constrain in Cancan inhibit the "where" condition that should be placed by MetaSearch. This happens when using scopes with search_methods.
Example:
I do have a model named Area that has a belongs_to relationship with Enterprise and in the ability.rb (rules to Cancan) has a constraint in the field enterprise_id like this:
can :manage, Area, :enterprise_id => Enterprise.where(bla-bla-bla)
In Area model there is a scope named :em with the clause search_methods :em
search_methods :em
scope :em, lambda {|date| where('? between areas.date_begins and areas.date_ends or (? >= areas.date_begins and areas.data_ends is null)', date, date) }
When I try to list Areas in AreasController's :index action selecting a enterprise_id_equals (3) and date equals to '2011-05-20', it should construct a SQL statement like this:
SELECT areas
.* FROM areas
WHERE areas
.enterprise_id
IN (3, 4, 6) AND areas
.enterprise_id
= 3 AND ('2011-05-20' between areas.date_begins and areas.date_ends or ('2011-05-20' >= areas.date_begins and areas.date_ends is null)) ORDER BY classificacao LIMIT 15 OFFSET 0
The condition areas
.enterprise_id
IN (3, 4, 6) is placed by Cancan. The condition areas
.enterprise_id
= 3 should be placed by MetaSearch as I selected the Enterprise 3 as filter.
But, what happens is:
SELECT areas
.* FROM areas
WHERE areas
.enterprise_id
IN (3, 4, 6) AND ('2011-05-20' between areas.date_begins and areas.date_ends or ('2011-05-20' >= areas.date_begins and areas.date_ends is null)) ORDER BY classificacao LIMIT 15 OFFSET 0
The where clause condition areas
.enterprise_id
= 3 is not placed in the SQL command, resulting in a no wanted result. Instead of Area of the Enterprise 3, is listed Areas from all Enterprises I do have access.
This happens only when I do use scopes with search_methods.
Best regards.