Reputation: 685
I feel like this should be super simple but it's not working as I thought it should.
I need to be able to have the new & create method of a controller allowed for a new object, based on the parent object being correct. Meaning the reference to the parent must be there and you must have the parent object's user id set correctly.
So given a couple of objects like this:
    class Resource < ApplicationRecord
      belongs_to :user
      has_many :resource_addendums
    end

    class ResourceAddendum < ApplicationRecord
      belongs_to :resource
    end
Then the abilities and this is where I am unsure of how to go about this:
    ...
    can :manage, Resource, user_id: user.id
    can :create, ResourceAddendum, resource: { user_id: user.id }
    ...
Is that last line correct? That feels correct, but I'm not sure how to set it up in the controller to reference the parent on a new object that's being sent via the URL.
The URL for the resource addendum is passing the resource id:
http://localhost:3000/resource-addendum/new?resource_id=123456
This fails and says we don't have permission because (and I'm assuming here) the Resource isn't being loaded into the new ResourceAddendum?
What's the correct way in the ability file and in the controller for resource addendums to make sure that the resource is correctly set?
Thanks
EDIT -- Adding controller action per request:
I just did this for the controller, which I'm sure is entirely inadequate:
    class ResourceAddendumController < ApplicationController
      before_action :authenticate_user!
      load_and_authorize_resource

      def new
      end
      ...
    end
For the :new action, how do I preset the resource value on the resource_addendum that hasn't been created yet but should be generated by the load_and_authorize_resource method based on the resource_id param?
Upvotes: 0
Views: 318
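Added example, not part of the original post and not CanCanCan's own code: a plain-Ruby model of the nested condition `resource: { user_id: user.id }`, showing why the check fails while the new addendum has no parent attached and that it passes only when the parent named by `resource_id` is loaded and owned by the current user. The `Struct` stand-ins, the `RESOURCES` data and all helper names are assumptions made for illustration.

```ruby
# Plain-Ruby stand-ins for the page's models (constructed, no Rails needed).
Resource         = Struct.new(:id, :user_id)
ResourceAddendum = Struct.new(:resource)
User             = Struct.new(:id)

# Constructed sample data: resource 123456 belongs to user 1, 999 to user 2.
RESOURCES = {
  123456 => Resource.new(123456, 1),
  999    => Resource.new(999, 2)
}.freeze

# Hypothetical helper: checks an object against a nested conditions hash,
# e.g. { resource: { user_id: 1 } }. A nil association never matches.
def matches_conditions?(object, conditions)
  conditions.all? do |attr, expected|
    actual = object.public_send(attr)
    if expected.is_a?(Hash)
      !actual.nil? && matches_conditions?(actual, expected)
    else
      actual == expected
    end
  end
end

# Models the page's rule:
#   can :create, ResourceAddendum, resource: { user_id: user.id }
def can_create_addendum?(user, addendum)
  matches_conditions?(addendum, { resource: { user_id: user.id } })
end

# What the "new" action has to do before authorizing: look up the parent
# from params[:resource_id] and attach it to the unsaved child.
def build_addendum(params)
  ResourceAddendum.new(RESOURCES[params[:resource_id].to_i])
end

def authorize_new(user, params, preload_parent:)
  addendum = preload_parent ? build_addendum(params) : ResourceAddendum.new(nil)
  can_create_addendum?(user, addendum)
end

if __FILE__ == $PROGRAM_NAME
  owner = User.new(1)
  p authorize_new(owner, { resource_id: "123456" }, preload_parent: false)
  p authorize_new(owner, { resource_id: "123456" }, preload_parent: true)
  p authorize_new(owner, { resource_id: "999" }, preload_parent: true)
end
```

In a CanCanCan controller the same effect comes from loading the parent first and building the child through it: `load_and_authorize_resource :resource` followed by `load_and_authorize_resource through: :resource`.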