Cancan 授权子状态
我的设置:Rails 3.0.9、Ruby 1.9.2、Cancan 1.6.5
我的模型:
class User
has_many :projects
class Project
has_many :tasks
belongs_to :user
class Task
belongs_to :project
ability.rb
can :manage, Task, :project => { :user_id => user.id }
我需要的是仅允许访问 task if user和 project 已获得授权,并且 project 具有由 project 实例方法(例如 active?)确定的特定状态(我有不让它只是一个原因 属性)。指定能力的语法是什么?
My setup: Rails 3.0.9, Ruby 1.9.2, Cancan 1.6.5
My models:
class User
has_many :projects
class Project
has_many :tasks
belongs_to :user
class Task
belongs_to :project
ability.rb
can :manage, Task, :project => { :user_id => user.id }
What I need is to only allow access to a task if user and project are authorized and project has a certain status determined by a project instance method like active? (I have a reason for not making it just an attribute). What's the syntax for specifying the ability?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
由于访问是通过调用方法(在运行时)提供的,因此您必须 定义该能力通过块。这适用于实例,并且对于类似索引的操作,您必须自己设计查询。
Since access is given by calling a method (at runtime) you must define the ability via blocks. That will work for instances, and for index-like actions, you must engineer the query yourself.