在控制器方法中使用 access_control 设置用户访问规则以保护隐私
目前,我已经对控制器中的两个操作进行了访问控制:
access_control [:show, :index] => 'view_questions',
[:new, :create] => 'create_questions'
但现在,如果我禁用查看问题,用户仍然必须能够创建问题并查看自己的问题。如何修改访问控制设置,以便在用户禁用 'view_questions' 的情况下,他仍然可以查看他的问题?
我想以这样的方式修改动作显示,如果 'view_questions' 被禁用,他仍然必须能够查看他的问题。
Currently I have given access control to two actions in my controller as:
access_control [:show, :index] => 'view_questions',
[:new, :create] => 'create_questions'
But now if I disable view questions user must still be able to create questions and view his own questions. How can I modify the access control settings so that if 'view_questions' is disabled for the user, he can still view his questions?
I want to modify the action show in such a way that if 'view_questions' is disabled, he must still be able to view his questions.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当您尝试自行推出时,权限处理可能很快就会失控,尤其是在您刚刚开始时。我强烈建议您研究一下 CanCan 之类的东西:
https://github.com/ryanb/cancan
Permission handling can very quickly get out of control when you try to roll own, especially if you're starting out. I'd highly recommend looking into something like CanCan:
https://github.com/ryanb/cancan