Declarative_Authorization nested rules

Question

My models are setup as

Film :has_many :sections

Section :belongs_to :film

within my authorization_rules.rb I have

role :author do
    has_permission_on :films, :to => [:edit. :update] do
      if_attribute :user => is {user}
    end
end

Which works fine when editing the film as their is a user_id field within film.

Can I nest rules for :sections within the has-permission-on do block? There is no user_id within sections, and I'd rather not add one as it seems redundant if the section belongs_to a film that already has one.

Answer 1

Yes you can nest them,

has_permission_on [:films], :to => [ :edit, :update] do
  if_attribute :user => is {user}
  has_permission_on :sections, :to => [:update, :edit]
end