Rails - CanCan - 基本问题
如何从模型中使用 CanCan?
假设我有这样的关系:员工属于_商店,老板管理_许多(有_许多)商店。我究竟如何使用 CanCan (正确的方法)来限制每个特定老板的访问权限,使其只能读取或更新属于其特定商店的员工等?
非常感谢哪位能解答! :)
How can I use CanCan from a Model?
Let's say I have a relationship like this: Employee belongs_to Store, and Boss manages_many (has_many) Stores. How exactly do I use CanCan (the right way) to restrict each particular boss's access to be able to only read or update etc employees that belong to his particular store?
Many thanks to whomever can answer! :)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您不应在模型中使用 CanCan。该模型不知道谁在发出请求,CanCan 的全部目的是处理请求的授权(这发生在控制器层)。
请告诉我您想在模型中使用 CanCan 做什么,我将尽力帮助您找到一种通过控制器执行此操作的方法(以及为什么您应该这样做的理由) 。
You should not use CanCan in a model. The model doesn't know about who is making a request, and the entire point of CanCan is to handle authorization of requests (which happens in the controller layer).
Please tell me what it is that you are wanting to do with CanCan in your Model, and I'll do my best to help you find a way to do this through the controller (and the rationale for why you should do it this way).
您可能想尝试这个插件: Fat Model Auth
模型的所有规则都在模型本身上定义。
You might want to try this plugin: Fat Model Auth
All rules for a model are defined on the model itself.