定义对 Devise User 模型的基于角色的访问
谁能指出我有关此的文档?
我在 Rails3 应用程序中使用 Devise + CanCan,并设置 Talent.rb。
我想根据用户的角色限制对编辑/删除用户路径的访问。通常,Ability.rb 会类似于:
def initialize(user)
if user.role? :moderator
can :manage, User
end
end
但在视图中,我使用设计注册路径进行编辑/删除:
<% if can? :update, @user %>
<%= link_to 'Edit', edit_user_registration_path(@user) %> |
<% end %>
“can:manage,User”似乎不适用于这些路径,并且无论角色如何,它们都保持隐藏状态。
如果我使用“can :manage, :all”,则主持人用户可以访问这些路径。
因此,“用户”显然不是正确的管理模型。我尝试过“设计”和“注册”,但没有成功。
我应该使用什么值 - “can :manage, ????” - 我在哪里可以找到解释原因的文档?
谢谢您的指点!
Can anyone point me towards documentation on this?
I'm using Devise + CanCan in a Rails3 app, and setting up Ability.rb.
I want to restrict access to the edit/ delete User paths, depending on the user's role. Normally Ability.rb would be something like :
def initialize(user)
if user.role? :moderator
can :manage, User
end
end
But in the views I'm using the Devise registration paths for edit/ delete:
<% if can? :update, @user %>
<%= link_to 'Edit', edit_user_registration_path(@user) %> |
<% end %>
"can :manage, User" doesn't seem to apply to these paths, and they remain hidden irrespective of role.
If I use "can :manage, :all", then these paths can be accessed by the moderator user.
So, "User" clearly isn't the correct model to manage. I've tried "Devise" and "Registration", to no avail.
What value should I be using - "can :manage, ????" - and where can I find documentation to explain why?
Thank you for any pointers!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您所面临的问题,我在上一个项目中也遇到过。
这个链接将为您提供所有答案。
Rails-authentication-with-devise-and-cancan-restful-resources-for-administrators
希望有帮助。
The problems you are facing, I faced them back in my last project.
This link will get you all your answers.
Rails-authentication-with-devise-and-cancan-restful-resources-for-administrators
Hope it helps.