model add scope

app/models/ability.rb

@@ -1,6 +1,7 @@
 class Ability
   include CanCan::Ability
   D_ENUM =  []
+
   def initialize(user)
     # Define abilities for the passed in user here. For example:
     #
@@ -11,10 +12,7 @@ class Ability
     #     can :read, :all
     #   end
     if user
-      departs = DepartRecord.find_by_sql("select id from depart_records ")
-      departs.each do |dep|
-        D_ENUM.push(dep.id)
-      end
+
       can :dashboard # allow access to dashboard
       can :access, :rails_admin # only allow admin users to access Rails Admin
       cannot :history, :all
@@ -32,6 +30,11 @@ class Ability
       else
         user.permissions.each do |permission|
           if permission.model=="Order"
+            D_ENUM.clear
+              departs = DepartRecord.find_by_sql("select id from depart_records ")
+              departs.each do |dep|
+                D_ENUM.push(dep.id)
+              end
             can :update, Order, :depart => D_ENUM
             can :read, Order, :depart => D_ENUM
           else