From 4f312d7c2128bbb5df15de2104095d58edb6aef9 Mon Sep 17 00:00:00 2001
From: Devin Howard <devin@callysto.com>
Date: Tue, 25 Oct 2016 10:35:19 +0800
Subject: [PATCH] policy scope has_many relationships

---
 app/serializers/api/v2/application_serializer.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/serializers/api/v2/application_serializer.rb b/app/serializers/api/v2/application_serializer.rb
index 2d7c1b9a..6de4d534 100644
--- a/app/serializers/api/v2/application_serializer.rb
+++ b/app/serializers/api/v2/application_serializer.rb
@@ -32,9 +32,11 @@ module Api
           if attr.to_s.pluralize == attr.to_s
             attribute("#{attr.to_s.singularize}_ids".to_sym,
                       opts.merge(unless: -> { embeds.include?(key) })) do
-              object.send(attr).map(&:id)
+              Pundit.policy_scope(scope[:current_user], object.send(:topics)).map(&:id)
+            end
+            has_many(attr, opts.merge(if: -> { embeds.include?(key) })) do
+              Pundit.policy_scope(scope[:current_user], object.send(:topics))
             end
-            has_many(attr, opts.merge(if: -> { embeds.include?(key) }))
           else
             id_opts = opts.merge(key: "#{key}_id")
             attribute("#{attr}_id".to_sym,