CanCan 正在限制发现的数据
我在订购应用程序中使用 Cancan、Devise、Rails 3。
每个用户通过协议拥有多家公司。每个公司也通过协议拥有许多用户。
在我的能力模型中,我有以下内容:
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user
if user.role? :super
can :manage, :all
elsif user.role? :admin
can :manage, [User, Company, Order]
elsif user.role? :tech
can :manage, [User, Company, Tech]
elsif user.role? :customer_admin
can [:read, :update], User, :id => user.id
can [:read, :update], Company, :id => user.id
can [:read ], Order, :id => user.id
end
end
end
当 customer_admin 登录时,我一直试图仅向他们显示与其关联的公司。在公司视图中,我可以很好地看到用户列表。
在我的公司控制器(索引)中,我尝试这样做:
@usercompanies = Company.where(['user_id = ?', current_user.id ])
但是,这列出了错误的公司?!
我确信这是一个愚蠢的新手错误,但非常感谢您的帮助。如果您还需要任何其他信息,请告诉我。
I'm using Cancan, Devise, Rails 3 for my ordering application.
Each user has many companies through agreements. Each company also has many users through agreements.
In my ability model, I have the following:
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user
if user.role? :super
can :manage, :all
elsif user.role? :admin
can :manage, [User, Company, Order]
elsif user.role? :tech
can :manage, [User, Company, Tech]
elsif user.role? :customer_admin
can [:read, :update], User, :id => user.id
can [:read, :update], Company, :id => user.id
can [:read ], Order, :id => user.id
end
end
end
When a customer_admin logs in, I've been trying to show them only the companies they're associated with. In the company views, I can see the list of users just fine.
In my companies controller (index), I've tried doing this:
@usercompanies = Company.where(['user_id = ?', current_user.id ])
However, this lists the wrong company?!
Am sure this is a silly newbie mistake but would appreciate your help. If you need anything else, let me know.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以非常快速地使用康康舞添加限制,而我第一次必须设置它时也感到困惑。有关设置的文档位于此处。作为参考,您希望控制器中的索引操作看起来像这样:
但是在最新版本的 gem 中,这应该在索引操作上自动完成。我认为您的 能力.rb 中有错误,因为当您有一条记录并将其与用户关联时,它通常有一个名为 user_id 的列。您可能希望像这样使用它:
因为属性
id通常用作记录的唯一 id,而不是 关联。You can add restrictions with cancan very quickly and it was puzzling the first time I had to set it up as well. The documentation for setting this up is here. And just as a reference you want to make your index action in your controller look something like this:
However in the latest version of the gem this should be done automatically on the index action. I think that you have a mistake in your
abilities.rbbecause when you have a record and you assoicate it with a user it usually has a collumn called user_id. You would want to use that like so:Since the attribute
idnormally is used as the unique id of the record and not the id of the association.