Cancannested_routes 限制对 :index 的访问
我对康康舞和嵌套路线有一些问题。
我有这样的路线:
resources :companies do
resources :projects
end
我对公司模型的能力没有问题,但对于项目模型,如果他们不是公司的管理员,我想拒绝对 Project#index 的访问。
下一个代码有效:
can :show, Company do |company|
if user.admins.include?(company) #check if the user is admin of the company
can :index, Schedule, :company_id => company.id
end
end
但我该怎么做:
can? :index, Project
我尝试重命名该方法,如下所示:
can :index_projects, Company do |company|
if user.admins.include?(company) #check if the user is admin of the company
can :index, Schedule, :company_id => company.id
end
end
并使用:
can? :index_projects, @company
但它不起作用。你知道该怎么做吗?
谢谢。
I have some problems with cancan and a nested routes.
I have this routes :
resources :companies do
resources :projects
end
I have no problem with the abilities for Company model but for the Project model I want to deny the access to Project#index if they are not admin of the company.
The next code works :
can :show, Company do |company|
if user.admins.include?(company) #check if the user is admin of the company
can :index, Schedule, :company_id => company.id
end
end
But how I can do :
can? :index, Project
I tried by renamed the method like that :
can :index_projects, Company do |company|
if user.admins.include?(company) #check if the user is admin of the company
can :index, Schedule, :company_id => company.id
end
end
and use :
can? :index_projects, @company
But it doesn't work. Do you know how to do it?
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要在 ProjectsController 中使用类似的内容:
当您尝试访问 Projects#index CanCan 将检查能力并根据用户能力拒绝或允许访问
证明链接 https://github.com/ryanb/cancan/issues/209#issuecomment-609043
希望这就是您所需要的=]
you need to use something like this in your ProjectsController:
and when you`ll try to access Projects#index CanCan will check abilities and deny or allow access according to user abilities
prooflink https://github.com/ryanb/cancan/issues/209#issuecomment-609043
hope this is what you need =]