CanCan polymorphic resource access problem

Published 2024-10-12 07:54:27 · 1738 words · 13 views · 0 comments



I don't quite understand how to restrict access to links in this particular case with CanCan. I always get the "Edit" link displayed.
So I believe the problem is in my incorrect definition of the CanCan methods (load_ and authorize_).
I have a CommentsController like this:

class CommentsController < ApplicationController
  before_filter :authenticate_user!
  load_resource :instance_name => :commentable
  authorize_resource :article
  def index
    @commentable = find_commentable #loading our generic object
  end

......

  private

  def find_commentable               
    params.each { |name, value|
      if name =~ /(.+)_id$/
        return $1.classify.constantize.includes(:comments => :karma).find(value)
      end }
  end
end

and I have the following code in comments/index.html.erb that renders a file from another controller:

<%= render :file => "#{get_commentable_partial_name(@commentable)}/show.html.erb", :collection => @commentable %>

You can think of "#{get_commentable_partial_name(@commentable)}" as just "articles" in this case.
Content of "articles/show.html.erb":

<% if can? :update, @commentable %>
    <%= link_to 'Edit', edit_article_path(@commentable) %> |
<% end %>

My ability.rb:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user

    if user.role? :admin
      can :manage, :all
    elsif user.role? :author
        can :read, [Article, Comment, Profile]
        can :update, Article, :user_id => user.id
    end
  end
end

I have tried debugging this issue like this:

user = User.first
article = Article.first
ability = Ability.new(user)
ability.can?(:update, article)

and I always get "=> true" in the ability check.

Note: user.role == author and article.user_id != user.id

If you need more information, please write.

Thanks for your time && sorry for my English.


Comments (1)

凉世弥音 2024-10-19 07:54:27


Okay, I figured it out: I redetermined the rules in ability.rb, so now the order is guest->author->moderator->admin and the problem is solved. I believe the root of the problem was in the CanCan logic, which assumes that I need to redefine rules or do it in the order I've shown before.
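
A simplified model of how CanCan evaluates rules, added here as an example and not code from the post or from the CanCan gem: rules are scanned newest first and the first relevant rule whose conditions match decides the result. `MiniAbility`, `deciding_rule`, `build_ability` and the Struct stand-ins for `User` and `Article` are assumptions made for illustration.

```ruby
# Simplified model of CanCan-style rule evaluation; not the gem's own code.
Rule = Struct.new(:allow, :actions, :subjects, :conditions) do
  def relevant?(action, record)
    (actions.include?(:manage) || actions.include?(action)) &&
      (subjects.include?(:all) || subjects.any? { |s| record.is_a?(s) })
  end

  def conditions_match?(record)
    conditions.all? { |attr, value| record.public_send(attr) == value }
  end
end

class MiniAbility
  def initialize
    @rules = []
  end

  def can(action, subject, conditions = {})
    @rules << Rule.new(true, Array(action), Array(subject), conditions)
  end

  def cannot(action, subject, conditions = {})
    @rules << Rule.new(false, Array(action), Array(subject), conditions)
  end

  # Newest rule first; the first relevant rule whose conditions match decides.
  def deciding_rule(action, record)
    @rules.reverse.find { |r| r.relevant?(action, record) && r.conditions_match?(record) }
  end

  def can?(action, record)
    rule = deciding_rule(action, record)
    rule ? rule.allow : false
  end
end

User = Struct.new(:id, :role)        # constructed stand-ins for the models
Article = Struct.new(:id, :user_id)

# Same role branches as the ability.rb in the question (role? modelled as ==).
def build_ability(user)
  ability = MiniAbility.new
  if user.role == :admin
    ability.can :manage, :all
  elsif user.role == :author
    ability.can :read, Article
    ability.can :update, Article, user_id: user.id
  end
  ability
end
```

With only the author branch loaded, `can?(:update, article)` is false for another user's article, so a `true` result means that user also reached a broader rule; `deciding_rule` shows which one granted access.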
