CanCan，设置嵌套资源？

发布于 2024-11-26 15:35:52 字数 954 浏览 2 评论 0原文

我有以下模型：

Group (id)
Poll (id, group_id)
PollVote (id, poll_id)

我不想进行深度嵌套，这意味着我不想 /group/:id/poll/:id/poll_vote/:id

我想设置它，所以我的路线：

/group/:id
/poll/:id
/poll/:id/poll_vote/:poll_vote_id

我有 poll工作，但我不知道如何让 PollVote 工作...到目前为止，我有：

class PollVotesController < ApplicationController

  # Authorization w Devise & CanCan
  before_filter :authenticate_user! # Devise, signed in users only
  load_and_authorize_resource :poll # CanCan
  load_and_authorize_resource :poll_vote, :through => :poll

  # We need to pass along the wall
    def current_ability
        @current_ability ||= Ability.new(current_user, @poll.group_id)
    end

然后在能力.rb 中

can [:manage], Poll do |poll|
    This returns TRUE is the user is a group member of the poll
end

我在 PollVotes 中使用什么，让 PollVotes 使用 Poll 检查 CanCan？

谢谢

原文

I have the following models:

Group (id)
Poll (id, group_id)
PollVote (id, poll_id)

I don't want to do deep nesting, meaning I don't want /group/:id/poll/:id/poll_vote/:id

I want to set it up so my routes:

/group/:id
/poll/:id
/poll/:id/poll_vote/:poll_vote_id

I have poll working, but I can't figure out how to get PollVote working... So far I have:

class PollVotesController < ApplicationController

  # Authorization w Devise & CanCan
  before_filter :authenticate_user! # Devise, signed in users only
  load_and_authorize_resource :poll # CanCan
  load_and_authorize_resource :poll_vote, :through => :poll

  # We need to pass along the wall
    def current_ability
        @current_ability ||= Ability.new(current_user, @poll.group_id)
    end

Then in ability.rb

can [:manage], Poll do |poll|
    This returns TRUE is the user is a group member of the poll
end

What do I use in PollVotes, to have PollVotes check CanCan using Poll?

Thanks

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

从﹋此江山别 2024-12-03 15:35:52

您尚未向用户显示<->组关联，因此如果 User has_and_belongs_to_many :groups 则：

can :manage, [ Poll ] { |poll| user.groups.include?(poll.group) }

当然，您可能希望将其锁定为仅与用户关联的投票。

编辑 - 以下是限制创建和编辑投票的访问权限的示例：

can :read, PollVote # not needed if you have e.g. can :read, :all
can :create, [ PollVote ] { |poll_vote| user.groups.include?(poll_vote.poll.group) }
can [ :edit, :destroy ], [ PollVote ] { |poll_vote| poll_vote.user_id == user.id }

You haven't shown your User <-> Group association, so if User has_and_belongs_to_many :groups then:

can :manage, [ Poll ] { |poll| user.groups.include?(poll.group) }

Of course, you probably want to lock that down to only votes associated with the user.

Edit - here are examples for restricting access to creating and editing poll votes:

can :read, PollVote # not needed if you have e.g. can :read, :all
can :create, [ PollVote ] { |poll_vote| user.groups.include?(poll_vote.poll.group) }
can [ :edit, :destroy ], [ PollVote ] { |poll_vote| poll_vote.user_id == user.id }

回复收藏 0 原文

~没有更多了~