How to set up CanCan?

Posted on 2024-12-21 14:02:29

I have installed devise.

I did,

rails g cancan:ability

This is the Ability class I got in app/models

class Ability
  include CanCan::Ability

  def initialize(user)
    # Define abilities for the passed in user here. For example:
    #
    #   user ||= User.new # guest user (not logged in)
    #   if user.admin?
    #     can :manage, :all
    #   else
    #     can :read, :all
    #   end
    #
    # The first argument to `can` is the action you are giving the user permission to do.
    # If you pass :manage it will apply to every action. Other common actions here are
    # :read, :create, :update and :destroy.
    #
    # The second argument is the resource the user can perform the action on. If you pass
    # :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
    #
    # The third argument is an optional hash of conditions to further filter the objects.
    # For example, here the user can only update published articles.
    #
    #   can :update, Article, :published => true
    #
    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
  end
end

posts table

                                   Table "public.posts"
   Column    |          Type          |                     Modifiers                      
-------------+------------------------+----------------------------------------------------
 id          | integer                | not null default nextval('posts_id_seq'::regclass)
 title       | character varying(100) | not null
 content     | character varying(500) | not null
 created_at  | date                   | 
 updated_at  | date                   | 
 tags        | character varying(55)  | not null default '50'::character varying
 category_id | integer                | not null default 1
 user_id     | integer                | 
Indexes:
    "posts_pkey" PRIMARY KEY, btree (id)

users table

                                           Table "public.users"
         Column         |            Type             |                     Modifiers                      
------------------------+-----------------------------+----------------------------------------------------
 id                     | integer                     | not null default nextval('users_id_seq'::regclass)
 email                  | character varying(255)      | not null default ''::character varying
 encrypted_password     | character varying(128)      | not null default ''::character varying
 reset_password_token   | character varying(255)      | 
 reset_password_sent_at | timestamp without time zone | 
 remember_created_at    | timestamp without time zone | 
 sign_in_count          | integer                     | default 0
 current_sign_in_at     | timestamp without time zone | 
 last_sign_in_at        | timestamp without time zone | 
 current_sign_in_ip     | character varying(255)      | 
 last_sign_in_ip        | character varying(255)      | 
 confirmation_token     | character varying(255)      | 
 confirmed_at           | timestamp without time zone | 
 confirmation_sent_at   | timestamp without time zone | 
 username               | character varying(255)      | not null
 is_admin               | boolean                     | default false
 created_at             | timestamp without time zone | 
 updated_at             | timestamp without time zone | 
Indexes:
    "users_pkey" PRIMARY KEY, btree (id)
    "index_users_on_confirmation_token" UNIQUE, btree (confirmation_token)
    "index_users_on_email" UNIQUE, btree (email)
    "index_users_on_reset_password_token" UNIQUE, btree (reset_password_token)
    "index_users_on_username" UNIQUE, btree (username)

Now how can I set up cancan to allow/deny some actions of PostController, CommentsController? If user.is_admin = true, then the user can edit and delete posts and comments. Otherwise a normal user can only add a post after registering. Any guest user can comment on any post.

In PostsController I have

before_filter :authenticate_user! , :except => [:index, :show, :bla1, :bla2, :bla3, :bla4, :bla5, :bla6, :bla7, :bla8, :bla9]

In every controller I had to write such a line, which is tedious. Is there any shortcut to reduce such lines in every controller?


Comments (1)

琉璃繁缕 2024-12-28 14:02:29

You should set up your ability.rb this way.

class Ability
   include CanCan::Ability

   def initialize(user)
     user ||= User.new # guest user (not logged in), so is_admin? is never called on nil

     # rules for admin
     if user.is_admin?
       # if admin can do anything
       can :manage, :all
       # if admin can only edit and destroy posts and comments
       can :edit, Post
       can :destroy, Post
       can :edit, Comment
       can :destroy, Comment
     end

     # rules for registered user
     can :create, Post
   end
end

and in your controllers

class PostsController < ApplicationController
   authorize_resource :except => :show
end

class CommentsController < ApplicationController
   authorize_resource :only => [:edit,:update,:destroy]
end 

Hope it will be helpful. :)
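
The policy asked for in the question (admins edit and delete posts and comments, registered users create posts, guests comment), written as a default-deny rule set. This is an added example, not part of the original answer. MiniAbility, the Struct-based User and the empty Post/Comment classes are stand-ins constructed here so the rules run without Rails or the cancan gem, and the public read rule is an assumption; in an application the body of Ability#initialize goes into a class that includes CanCan::Ability.

```ruby
# MiniAbility: simplified stand-in for CanCan's can/can? DSL (class-level
# rules only), written for this example so it runs without Rails or the gem.
class MiniAbility
  def initialize
    @rules = []
  end

  def can(action, subject)
    @rules << [action, subject]
  end

  # Default deny: true only when a rule matches both action and subject.
  def can?(action, subject)
    @rules.any? { |a, s| [:manage, action].include?(a) && [:all, subject].include?(s) }
  end
end

# Constructed stand-ins for the page's models (no database involved).
Post    = Class.new
Comment = Class.new
User    = Struct.new(:id, :is_admin) do
  def is_admin?; is_admin == true; end
  def persisted?; !id.nil?; end
end

class Ability < MiniAbility
  def initialize(user)
    super()
    user ||= User.new                      # guest: current_user is nil
    can :read, :all                        # assumption: index/show are public
    can :create, Comment                   # any visitor may comment
    can :create, Post if user.persisted?   # only registered users may post
    return unless user.is_admin?
    [Post, Comment].each do |model|
      can :update, model                   # CanCan aliases :edit to :update
      can :destroy, model
    end
  end
end

# Allowed [model, action] pairs for a user, over the actions the question names.
def allowed(user)
  ability = Ability.new(user)
  [Post, Comment].product(%i[read create update destroy])
                 .select { |model, action| ability.can?(action, model) }
end
```

Asserting on the full list of allowed pairs per role, rather than on single permissions, catches a rule that grants more than intended.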
