Description
Use Case
Our application allows users to create employees within their organization. Authorization is handled by the CanCanCan gem. The ability file reads:
can :manage, Employee, organization: user.organizations.find(Current.organization.id)
Challenge
When a user clicks the "New" button, they are redirected back with a "Not Authorized" alert. This is because the new employee does not yet belong to the user's organization.
Workaround
We monkey patched the build_instance adapter for Active Record to use CanCanCan's accessible_by method. This sets the organization association for us.
# This monkey patch allows us to build new instances using
# CanCanCan's ability. This presets the organization for
# most records in this application.
module Trestle
  module Adapters
    module ActiveRecordAdapter
      def build_instance(attrs = {}, params = {})
        model.accessible_by(current_ability).new(attrs)
      end
    end
  end
end
Observations
accessible_by is already being used in the CanCanAdapter class for the scope method:
def scope(collection)
  collection.accessible_by(ability)
end
It would be great if the adapter also updated the build_instance to take advantage of this method.
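The behaviour reported above, as an added gem-free Ruby model (not code from this issue, Trestle or CanCanCan): a record built with a plain `new` fails a hash-condition check, while one built through the rule's conditions passes. `ToyAbility`, the `Employee` struct and the organization ids are constructed for illustration, and merging the rule's conditions last is a choice made in this model, not a behaviour the issue states.

```ruby
# Constructed, gem-free model of a hash-condition ability rule.
# Hypothetical names throughout; this is not the CanCanCan or Trestle API.
Employee = Struct.new(:name, :organization_id, keyword_init: true)

class ToyAbility
  # conditions: attribute => required value, e.g. { organization_id: 7 }
  def initialize(conditions)
    @conditions = conditions
  end

  # Instance check: every rule condition must match the record.
  def can?(record)
    @conditions.all? { |attr, value| record[attr] == value }
  end

  # Collection filter, the role accessible_by plays in the scope method.
  def accessible(records)
    records.select { |r| can?(r) }
  end

  # Build inside the permitted scope. Conditions are merged last so that
  # caller-supplied attributes cannot place the record in another organization.
  def build(attrs = {})
    Employee.new(**attrs.merge(@conditions))
  end
end

def demo
  ability = ToyAbility.new(organization_id: 7)               # constructed id
  stored  = [Employee.new(name: "Bo", organization_id: 7),
             Employee.new(name: "Cy", organization_id: 99)]  # constructed rows
  bare    = Employee.new(name: "Ada")                        # plain `new`: no organization yet
  scoped  = ability.build(name: "Ada")                       # preset from the rule
  forged  = ability.build(name: "Eve", organization_id: 99)  # tampered attribute
  {
    visible: ability.accessible(stored).map(&:name),
    bare_allowed: ability.can?(bare),
    scoped_allowed: ability.can?(scoped),
    forged_org: forged.organization_id
  }
end
```
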