通过关系获得康康舞能力

发布于 2025-01-08 12:12:48 字数 446 浏览 0 评论 0原文

我正在使用 CanCan 来定义用户能力，但我刚刚遇到了一个障碍，我试图只允许用户通过其父级来管理模型。

例如。一本书有一个作者，一本书有很多章节。我希望只有作者能够管理章节。我的图书模型有一个author_id。我的章节模型有一个 book_id。

在我的Ability.rb 文件中，我有

 user.has_role? :author
            can :manage, Book, :author_id => user.id
            can :manage, Chapter
            can :read, :all
        else

，但我在文档中没有看到任何地方定义作者只能管理本书的章节。还有其他方法来授权一本书及其所有关系吗？或者我应该以某种方式将这一章定义为属于这本书？我没有通过书籍模型保存章节（它不是嵌套的）。

原文

I'm using CanCan for defining a users abilities, but I just ran into a snag where I'm trying to only allow the user to manage a model through it's parent.

For example.
A book has an author, a book has many chapters.
I want only the author to be able to manage chapters.
My book model has an author_id.
My chapter model has a book_id.

in my Ability.rb file I have

 user.has_role? :author
            can :manage, Book, :author_id => user.id
            can :manage, Chapter
            can :read, :all
        else

but I don't see anywhere in the documentation where I define that the author can only manage the chapters of the book. Is there another way to authorize a book and all it's relationships? Or am I supposed to somehow define the chapter as belonging to the book? I am not saving the chapter through the book model (it is not nested).

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

千纸鹤带着心事 2025-01-15 12:12:48

一种可能的方法：

 user.has_role? :author
            can :manage, Book, :author_id => user.id
            can :manage, Chapter do |chapter|
              chapter.book.author_id == user.id
            end
            can :read, :all
        else

也许有更好的解决方案......

A possible approach:

 user.has_role? :author
            can :manage, Book, :author_id => user.id
            can :manage, Chapter do |chapter|
              chapter.book.author_id == user.id
            end
            can :read, :all
        else

Maybe there's a better solution...

回复收藏 0 原文

~没有更多了~