How about:
can :manage, Company do |company|
user.has_role? :operator, company
end
can :manage, Code do |code|
user.has_role? :operator, code.company
end
If you didn't use block syntax for the can definition you could use load_and_authorize_resource in your CodesController to filter the index to only those that are accessible to the current user.
Update Because this used the block syntax CanCan can't use determine which objects to load with load_resource (since it wants to use SQL syntax). If you can rewrite it to not use a block syntax then you'll be good. If you have to use the role type logic you can add code similar to the following in your index method in your controller:
@codes = Code.all.select {|code| can?(:manage, code)}
or if you want to bypass the ability in this case for efficiency
@codes = Company.with_role(:operator, @current_user).codes