:show
Notes
Basic find: the action fetches the item by ID. This is the primary task of the show action.
Scope to company: the action verifies that the item actually belongs to the current company, so an ID guessed or copied from another tenant cannot be read (an insecure direct object reference).
Role-based restrictions: for users with certain roles (such as "manager"), access is further restricted to items associated with the user's own projects.
Concerns and other: while the show action is usually less complex than index, there is still room for reusable logic, hooks, or other utilities that you might want to include in the future.
Example Setup:
```ruby
class ItemsController < ApplicationController
  include QueryParamsProcessor

  def show
    # LOCAL HANDLING
    ##################
    # Basic find by ID. Item.find raises ActiveRecord::RecordNotFound for an
    # unknown ID, which Rails renders as a 404 unless it is rescued elsewhere.
    @item = Item.find(params[:id])

    # Scope to the item's company for security: an item from another tenant
    # must not be readable even though the ID exists. 403 Forbidden is the
    # right status (the caller is authenticated but not allowed);
    # 401 Unauthorized means "not authenticated".
    unless @item.company == get_current_company
      return render json: { error: 'Forbidden' }, status: :forbidden
    end

    # Role-based restrictions: a manager may only see items attached to at
    # least one of their own projects.
    if @current_user_role == "manager"
      unless @item.projects.exists?(id: @current_user.project_ids)
        return render json: { error: 'Forbidden' }, status: :forbidden
      end
    end

    # ABSTRACTED/REUSABLE HANDLING (e.g. Concerns, etc.)
    ##################
    # CONCERNS
    # No specific concerns for "show" at the moment
    # OTHER (?)
    # Potential hooks for analytics/logging, etc.

    # EXECUTE & RESPOND
    ##################
    render json: @item
  end

  # ... Other actions ...
end
```
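The controller above looks the item up first and rejects it afterwards, which means a request for another company's item answers differently from a request for a non-existent item and so confirms which IDs exist. The added example below (not code from the original page or its project; the Company, User and Item structs and the sample data are constructed stand-ins for the app's real models) shows the same decision with the lookup scoped to the current company, as `get_current_company.items.find(params[:id])` would be in Rails. A cross-tenant probe and a missing record both come back as 404, and only the manager/project rule produces a 403.

```ruby
# Added example: a Rails-free model of the show authorization decision.
# Company, User, Item and the sample rows are constructed assumptions,
# not the original page's models or data.

Company = Struct.new(:id, :name)
User    = Struct.new(:id, :company, :role, :project_ids)
Item    = Struct.new(:id, :company, :project_ids)

# Constructed sample data: two tenants, three items.
ACME   = Company.new(1, "acme")
GLOBEX = Company.new(2, "globex")
ITEMS  = [
  Item.new(10, ACME,   [100, 101]),
  Item.new(11, ACME,   [200]),
  Item.new(20, GLOBEX, [300])
].freeze

# Stand-in for a company-scoped lookup (company.items.find(id)).
# Returns nil when the item does not exist OR belongs to another company,
# so a cross-company probe is indistinguishable from a missing record.
def find_scoped(items, company, id)
  items.find { |i| i.id == id && i.company.id == company.id }
end

# The show decision. Returns [http_status, body]:
#   404 -> not found, or outside the current company
#   403 -> found, but the manager shares no project with the item
#   200 -> the item is returned
def show_item(user, id, items = ITEMS)
  item = find_scoped(items, user.company, id)
  return [404, { error: "Not found" }] if item.nil?

  # Role-based restriction: managers only see items on their own projects.
  if user.role == "manager" && (item.project_ids & user.project_ids).empty?
    return [403, { error: "Forbidden" }]
  end

  [200, { id: item.id, company: item.company.name, project_ids: item.project_ids }]
end

if __FILE__ == $PROGRAM_NAME
  admin   = User.new(1, ACME, "admin", [])
  manager = User.new(2, ACME, "manager", [101])
  p show_item(admin, 10)    # 200: any item in the admin's own company
  p show_item(manager, 11)  # 403: item 11 is on project 200, manager has 101
  p show_item(manager, 20)  # 404: Globex item, same answer as an unknown ID
  p show_item(manager, 999) # 404: unknown ID
end
```

The ordering matters: the tenant check is folded into the query, so the row never loads for the wrong company, and the role check only runs on a row the caller is already allowed to know about.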