CanCan polymorphic resource access problem
I don't quite understand how to restrict access to links in this particular case with CanCan. I always get the "Edit" link displayed.
So I believe the problem is in my incorrect definition of the CanCan methods (load_ and authorize_).
I have a CommentsController like this:
class CommentsController < ApplicationController
  before_filter :authenticate_user!
  load_resource :instance_name => :commentable
  authorize_resource :article

  def index
    @commentable = find_commentable # loading our generic object
  end
  ......

  private

  def find_commentable
    params.each { |name, value|
      if name =~ /(.+)_id$/
        return $1.classify.constantize.includes(:comments => :karma).find(value)
      end }
  end
end
And in comments/index.html.erb I have the following code that renders a file from another controller:
<%= render :file => "#{get_commentable_partial_name(@commentable)}/show.html.erb", :collection => @commentable %>
You can think of "#{get_commentable_partial_name(@commentable)}" as just "articles" in this case.
Content of "articles/show.html.erb":
<% if can? :update, @commentable %>
  <%= link_to 'Edit', edit_article_path(@commentable) %> |
<% end %>
My ability.rb:
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user
    if user.role? :admin
      can :manage, :all
    elsif user.role? :author
      can :read, [Article, Comment, Profile]
      can :update, Article, :user_id => user.id
    end
  end
end
I have tried to debug this issue like this:
user = User.first
article = Article.first
ability = Ability.new(user)
ability.can?(:update, article)
and I always get "=> true" in the ability check.
Note: user.role == author and article.user_id != user.id
If you need more information, please write.
Thanks for your time && sorry for my English.
Comments (1)
Okay, I figured it out: redetermined the rules in ability.rb, so now the order is guest->author->moderator->admin, and the problem is solved. I believe the root of the problem was in CanCan's logic, which assumes that I need to redefine rules or do it in the order I've shown before.
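
The precedence behaviour the answer refers to, as an added example that is not part of the original post and not CanCan's own code: CanCan checks the most recently defined matching rule first, so role blocks ordered guest->author->moderator->admin let a higher role override what a lower role set. `MiniAbility`, `ROLES`, the cumulative `role?` helper and the moderator rules are assumptions made so the block runs without Rails or the gem.

```ruby
# Stand-in for CanCan::Ability (assumption): hash conditions only, and the
# documented precedence where the most recently defined matching rule wins.
module MiniAbility
  Rule = Struct.new(:allow, :actions, :subjects, :conditions)

  def can(action, subject, conditions = {})
    rules << Rule.new(true, Array(action), Array(subject), conditions)
  end

  def cannot(action, subject, conditions = {})
    rules << Rule.new(false, Array(action), Array(subject), conditions)
  end

  def can?(action, object)
    rule = rules.reverse.find do |r|
      (r.actions.include?(:manage) || r.actions.include?(action)) &&
        (r.subjects.include?(:all) || r.subjects.include?(object.class)) &&
        r.conditions.all? { |attr, value| object.public_send(attr) == value }
    end
    rule ? rule.allow : false # no matching rule means denied
  end

  def rules
    @rules ||= []
  end
end

ROLES = %w[guest author moderator admin].freeze # lowest to highest (assumed)
Article = Struct.new(:user_id)
User = Struct.new(:id, :role) do
  # Hypothetical cumulative check: true when the role is at or above +base+.
  def role?(base)
    ROLES.index(role.to_s) >= ROLES.index(base.to_s)
  end
end

class Ability
  include MiniAbility

  def initialize(user)
    user ||= User.new(nil, :guest)
    can :read, Article                                   # guest
    can :update, Article, user_id: user.id if user.role?(:author)
    if user.role?(:moderator)                            # assumed moderator rules
      can :manage, Article
      cannot :destroy, Article                           # overrides the line above
    end
    can :manage, :all if user.role?(:admin)              # defined last, so it wins
  end
end
```

Checking `Ability.new(user).can?(:update, article)` for an author against someone else's article, as in the question's console session, is a useful regression test to keep next to ability.rb.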