Simply I explain it here. The question is how can I authorize nested resource with mongoid? Suppose that I have a Project model and a Project::Task model. Project has many Project::Task. I want to authorize Project::Task on controller level and do not want to show another Project's task. So basically I do below to handle it:
load_and_authorize_resource :project, class: Project
load_and_authorize_resource :task, through: :project_id, class: Project::Task
But this does not work. It always throws 403. What is the proper way to do this?