Rails3 - CanCan - 未初始化常量能力::页面

发布于 2024-10-11 19:41:00 字数 1332 浏览 2 评论 0原文

我刚刚将 cancan 1.5.0 添加到我的 Rails 3 应用程序中，这是我的能力文件 -

def initialize(user)
 user ||= User.new

if user.role == 'Admin'
  can :manage, :all
end
if user.role == 'Standard'
  can :manage, Library
  can :manage, Page
else
  can :manage, Page
  can :manage, Library
end

我有一个自定义类（非静态函数）

class PagesController < ApplicationController
 authorize_resource :class => false

 def home
 end
end

如您所见，我正在为非静态类使用正确的函数，但我仍然得到这个错误 -

uninitialized constant Ability::Page

这是堆栈跟踪的开头 -

app/models/ability.rb:16:in `initialize'
cancan (1.5.0) lib/cancan/controller_additions.rb:327:in `new'
cancan (1.5.0) lib/cancan/controller_additions.rb:327:in `current_ability'
cancan (1.5.0) lib/cancan/controller_additions.rb:308:in `authorize!'
cancan (1.5.0) lib/cancan/controller_resource.rb:40:in `authorize_resource'
cancan (1.5.0) lib/cancan/controller_resource.rb:9:in `block in add_before_filter'
activesupport (3.0.3) lib/active_support/callbacks.rb:436:in `   _run__1386450187816505438__process_action__15559788756486462__callbacks'
activesupport (3.0.3) lib/active_support/callbacks.rb:409:in `_run_process_action_callbacks'
activesupport (3.0.3) lib/active_support/callbacks.rb:93:in `run_callbacks'

谢谢，亚历克斯

原文

I have just added cancan 1.5.0 to my rails 3 app here is my ability file -

def initialize(user)
 user ||= User.new

if user.role == 'Admin'
  can :manage, :all
end
if user.role == 'Standard'
  can :manage, Library
  can :manage, Page
else
  can :manage, Page
  can :manage, Library
end

I have a custom class (non-restful functions)

class PagesController < ApplicationController
 authorize_resource :class => false

 def home
 end
end

As you can see I am using the correct function for a not restful class but I am still getting this error -

uninitialized constant Ability::Page

Here is the beginning of the stacktrace -

app/models/ability.rb:16:in `initialize'
cancan (1.5.0) lib/cancan/controller_additions.rb:327:in `new'
cancan (1.5.0) lib/cancan/controller_additions.rb:327:in `current_ability'
cancan (1.5.0) lib/cancan/controller_additions.rb:308:in `authorize!'
cancan (1.5.0) lib/cancan/controller_resource.rb:40:in `authorize_resource'
cancan (1.5.0) lib/cancan/controller_resource.rb:9:in `block in add_before_filter'
activesupport (3.0.3) lib/active_support/callbacks.rb:436:in `   _run__1386450187816505438__process_action__15559788756486462__callbacks'
activesupport (3.0.3) lib/active_support/callbacks.rb:409:in `_run_process_action_callbacks'
activesupport (3.0.3) lib/active_support/callbacks.rb:93:in `run_callbacks'

Thanks, Alex

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

秋意浓 2024-10-18 19:41:00

CanCan 文档将 can 方法描述为：

can 方法用于定义权限，需要两个参数。第一个是您要设置权限的操作，第二个是您要设置权限的对象类。

因此，问题在于您的系统中没有供 CanCan 管理访问的 Page 类。

请注意，CanCan 的构建如下：（重点是我添加的）

Ruby on Rails 的授权库，用于限制给定用户可以访问的资源。

因此，如果您的目标是控制没有附加 Rails 资源的抽象概念，那么您可能会很难使用 CanCan

回复收藏 0 原文

久光 2024-10-18 19:41:00

请注意现在发现此内容的任何人...

您可以授权任何非静态控制器、抽象类和方法..

示例：

/app/models/role_ability.rb

class RoleAbility
   def initialize(user)
     user ||= User.new

     if user.role == 'Admin'
      can :manage, Post      # some existing resource_authorisation
      can :do_this, :on_this # authorizing a non resource    
     end
   end
end

:do_this 和 :on_this 完全是任意的，但它们必须匹配授权！控制器中的参数就像这样...

class Controller < ApplicationController
   def some_abstract_method
      ### Awesome method code goes here

      authorize! :do_this, :on_this
   end
end

只要记住，您可能已经在 ApplicationController 中进行了一些资源授权，也许像这样

class ApplicationController 
   authorize_resource || authorize! :admin, Object || load_and_authorize_resource etc
end

，所以请记住在非静态/抽象控制器中跳过_authorize_resource

class AbstractController < ApplicationController

   skip_authorize_resource

   def some_abstract_method
      authorize! :do_this, :on_this
   end
end

现在管理员可以 :do_this, :on_this并会很好地授权。您可能想要更语义地命名该能力，只是想强调任意性。

这都是使用Cancan 1.5，之前没有尝试过任何东西。

来自 https://github.com/ryanb/cancan/wiki/Non-RESTful-Controllers

Just a note to anyone finding this now on...

You can authorise any non-restful controller, abstract classes and methods..

Example:

/app/models/role_ability.rb

class RoleAbility
   def initialize(user)
     user ||= User.new

     if user.role == 'Admin'
      can :manage, Post      # some existing resource_authorisation
      can :do_this, :on_this # authorizing a non resource    
     end
   end
end

:do_this and :on_this are completly arbitrary but they must match the authorize! params in the controller like so...

class Controller < ApplicationController
   def some_abstract_method
      ### Awesome method code goes here

      authorize! :do_this, :on_this
   end
end

Just remember that chances are you probably already have some resource authorization happening from within the ApplicationController maybe like this

class ApplicationController 
   authorize_resource || authorize! :admin, Object || load_and_authorize_resource etc
end

so remember to skip_authorize_resource in your non-restful/abstract controller

class AbstractController < ApplicationController

   skip_authorize_resource

   def some_abstract_method
      authorize! :do_this, :on_this
   end
end

Now an admin can :do_this, :on_this and will authorize nicely. You would probably want to name the ability a bit more semantically, just wanted to emphasize the arbitrary-ness.

This is all using Cancan 1.5, haven't tried on anything earlier.

From https://github.com/ryanb/cancan/wiki/Non-RESTful-Controllers

回复收藏 0 原文

~没有更多了~