How do we go about authorizing associations when creating and updating records with Pundit in Rails?
For example, if we're updating a comment record that belongs to a post, we need to make sure the user has the permission to access that post or else it's a security breach.
Inside the create action you can do something like:
    def create
      # @comment must already be built (e.g. from the request params) at this point
      authorize @comment.post # this checks the authorization of Post
      authorize @comment # and then for comment
      # ... then code to create the comment
    end
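
The gap the question describes, as an added example that is not part of the original answer: a plain-Ruby stand-in for Pundit's authorize (so it runs without Rails or the pundit gem) showing that a comment-only check accepts a comment on a post the user cannot see, while checking the parent first refuses it. The User/Post/Comment structs, the policy rules and the explicit :show? query are assumptions made for illustration.

```ruby
# Added example: minimal stand-in for Pundit's authorize, not Pundit itself.
# All class names, fields and policy rules below are assumed for illustration.
class NotAuthorizedError < StandardError; end

User    = Struct.new(:id)
Post    = Struct.new(:id, :owner_id, :restricted)
Comment = Struct.new(:author_id, :post)

class PostPolicy
  def initialize(user, post)
    @user, @post = user, post
  end

  # Hypothetical rule: restricted posts are visible only to their owner.
  def show?
    !@post.restricted || @post.owner_id == @user.id
  end
end

class CommentPolicy
  def initialize(user, comment)
    @user, @comment = user, comment
  end

  # Hypothetical rule: users may only create comments under their own id.
  # Nothing here looks at the parent post, which is the gap.
  def create?
    @comment.author_id == @user.id
  end
end

# Like Pundit: resolve "<RecordClass>Policy", call the query, raise on refusal.
def authorize(user, record, query)
  policy = Object.const_get("#{record.class.name}Policy").new(user, record)
  raise NotAuthorizedError, "#{query} denied on #{record.class.name}" unless policy.public_send(query)
  record
end

# Comment-only check: passes even when the user cannot access the post.
def create_comment_unchecked(user, post)
  authorize(user, Comment.new(user.id, post), :create?)
end

# Parent first, then the comment, as in the answer above.
def create_comment(user, post)
  authorize(user, post, :show?)
  authorize(user, Comment.new(user.id, post), :create?)
end
```

On update, the same parent check applies to the post the comment would belong to after the change, not only the one it belongs to now.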