关于 Rails declarative_authorization 的帮助
我根本无法执行这条规则...它允许任何人执行此操作。
这是我的规则
role :student do
has_permission_on :relationships do
to :index
if_attribute :student_id=> is {user.student.id}
end
end
这是我的控制器操作
class RelationshipsController < ApplicationController
filter_resource_access :nested_in => :students
def index
@guardians = @student.guardians
end
我知道我已正确设置它,因为该规则工作正常
has_permission_on :students do
to :show
if_attribute :id => is {user.student.id}
end
我的规则定义中的错误在哪里?
请帮忙
I cant get this rule to be enforced at all... it allows anyone to get to this action.
Here's my rule
role :student do
has_permission_on :relationships do
to :index
if_attribute :student_id=> is {user.student.id}
end
end
Heres my controller action
class RelationshipsController < ApplicationController
filter_resource_access :nested_in => :students
def index
@guardians = @student.guardians
end
I know I have it set up correctly cause this rule is working fine
has_permission_on :students do
to :show
if_attribute :id => is {user.student.id}
end
Where is the error in my rule definition?
Please Help
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
很难测试,但试试这个:
It's hard to test, but try this: