cancan/cantango 在第一次请求后丢失用户/user_session 和/或角色
Vanilla authlogic/cantango 设置,在返回 [:user] 的测试期间使用硬编码的 roles_list 进行测试。测试 requests.yml 文件:
roles:
user:
can:
manage:
- User
在第一个请求中,user_can?(:manage, User) 执行了我所期望的操作。然而,在随后的请求中,情况不再如此,我的许可也随之消失。
current_user 和 current_user_session 变量在每次请求时都会发生变化;不确定这是否是因为我处于开发环境中并且正在重新加载某些内容,但它让我了解了一些。
ApplicationController 中的实现遵循默认的 authlogic 示例。
如果我加载控制台:
pry(main)> u = User.first
=> #<User id: 2, email: "[email protected]", [...]
pry(main)> a = CanTango::Ability.new u
=> [lots of stuff, available on request]
pry(main)> a.can?(:manage, User.new)
=> true
pry(main)> a.can?(:manage, User.new)
=> true
我尝试根据 cantango 的文档在 cantango.rb 中关闭 cantango 的缓存(以防万一)[...]>
任何提示/提示/指针/源/文档?
Vanilla authlogic/cantango setup, testing with a hard-coded roles_list during test that returns [:user]. Test permissions.yml file:
roles:
user:
can:
manage:
- User
On the first request, user_can?(:manage, User) does what I expect. On subsequent requests, however, it's no longer true, and my permission goes away.
The Duh :/current_user and current_user_session vars change on each request; not sure if that's because I'm in dev environment and something's being reloaded, but it sketches me out a little bit.
Implementation in ApplicationController follows default authlogic examples.
If I load up the console:
pry(main)> u = User.first
=> #<User id: 2, email: "[email protected]", [...]
pry(main)> a = CanTango::Ability.new u
=> [lots of stuff, available on request]
pry(main)> a.can?(:manage, User.new)
=> true
pry(main)> a.can?(:manage, User.new)
=> true
I attempted to turn cantango's caching off (just in case) in cantango.rb per cantango's docs [...]>
Any hints/tips/pointers/source/docs?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果我将 requests.yml 文件更改为以下内容(理论上,这些是角色,而不是用户,但没有来宾角色,我从未在代码中的任何地方引用它,它不起作用),那么大多数情况下都会起作用。
到目前为止我仍然必须关闭缓存。
我暂时放弃cantango;虽然我有大量基于角色的权限需求,但由此造成的麻烦并不值得,而且到目前为止,使用一些相同元技术的更有针对性的解决方案似乎会更干净、更容易。
If I change the permissions.yml file to the following (these are roles, not users, in theory, but w/o the guest role, which I never reference anywhere in my code, it doesn't work) things mostly work.
I still have to leave caching off so far.
I'm abandoning cantango for now; while I have significant role-based permissions needs, the amount of trouble this caused isn't worth it, and so far it seems like a more targeted solution using some of the same meta-techniques will be cleaner and easier.