Rails 3 - CanCan - 定义创建权限
我的附件控制器中有以下内容,
def upload
@attachment = Attachment.build(:swf_uploaded_data => params[:attachment][:attachment], :user_id => current_user.id, :project_id => params[:space_id])
....
end
我希望 CanCan 只允许用户上传到他们所属的project_id。我确认控制器正在获取正确的信息,没有 nils
这是我的 cancan:
can :upload, Attachment do |attachment|
Rails.logger.info 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX- include CanCan::Ability - ATTACHMENT'
Rails.logger.info attachment.inspect
Rails.logger.info attachment.project
current_user.try(:role, attachment.space)
end
这里的问题是该附件。为零,并且attachment.project 为零?如何使用 CanCan 解决此问题,以便我可以确保只有项目团队成员才能将附件上传到项目?
谢谢
I have the following in my controller for Attachment
def upload
@attachment = Attachment.build(:swf_uploaded_data => params[:attachment][:attachment], :user_id => current_user.id, :project_id => params[:space_id])
....
end
What I'd like from CanCan is to only allow users to upload to a project_id they belong to. I confirmed the controller is getting the correct info, no nils
Here is my cancan:
can :upload, Attachment do |attachment|
Rails.logger.info 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX- include CanCan::Ability - ATTACHMENT'
Rails.logger.info attachment.inspect
Rails.logger.info attachment.project
current_user.try(:role, attachment.space)
end
Problem here, is that attachment. is nil, and attachment.project is nil? How do you solve for this issue with CanCan so I can make sure only project teammembers can upload attachments to the project?
Thank you
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为最好的方法是使用控制器操作的
authorize!方法在较低级别执行此操作。所以...
让我知道这是否适合您。
I think the best approach it to do it at a lower level with the
authorize!method that the Controller action.So ...
Let me know if that works for you.
例如,如果您只想允许为当前循环创建事件:
您可以在视图中使用
,然后在控制器中使用
For example if you want to allow create events for current loop only:
You use in the view
and then in controller