如何处理项目的权限,显示未经授权的页面来请求访问?
在我的应用程序中,我有具有权限的项目。如果用户拥有某个项目的权限记录,他们就可以查看该项目。如果没有,CanCan 将它们重定向到根目录。
我想做的是,如果用户尝试查看他们不是成员的项目(/project/100),请向他们显示一个允许他们请求加入的页面。
在 CanCan 中,我有以下内容:
if projectid_viewing && current_user.try(:role, projectid_viewing) == 'Member'
can [:read, :members], Project
....
此 CanCan 功能非常适合允许成员查看项目,但非成员会被踢到根目录。有什么好方法来处理这个问题,这样如果非成员尝试查看该项目,他们就会被带到该项目的“请求加入”页面?
有想法吗?谢谢
in my app I have projects which have permissions. If the user has a permission record for a project they can view the project. If not, CanCan redirects them to the root.
What I would like to do is if a user tries to view a project (/project/100) where they are not a member, show them a page that allows them to request to join.
In CanCan, I have the following:
if projectid_viewing && current_user.try(:role, projectid_viewing) == 'Member'
can [:read, :members], Project
....
This CanCan ability works great for allowing members to view the project, but non members are kicked to the root. what's a good way to handle this so if a non-member tries to view the project they are taken to a Request to Join page for that project?
Ideas? Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
假设您在控制器中使用
load_and_authorize_resource,当用户未经授权时,cancan 会抛出异常,您可以捕获它并定义行为。您还可以手动检查控制器中的权限,而不是使用
load_and_authorize_resource您可以在控制器中运行can?,然后在必要时执行重定向。Assuming you're using
load_and_authorize_resourcein your controller, cancan will throw an exception when a user is not authorized, you can catch it and define the behavior.You could also manually check permissions in the controller instead of using
load_and_authorize_resourceyou could runcan?in the controller and then perform the redirect if necessary.