如何处理授权! :更新,@post ArgumentError in Rails cancancan gem
我想授予管理员所有权限,只授予普通用户读取权限。 因此,在管理员点击 /posts/1/edit 后,它工作正常,但对于普通用户,它给出
ArgumentError in PostsController#edit
wrong number of arguments (given 2, expected 0..1)
Application_Controller.rb
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protect_from_forgery with: :exception
rescue_from CanCan::AccessDenied do
flash[:error] = 'Access denied!'
redirect_to root_url
end
protected
def configure_permitted_parameters
added_attrs = [:first_name, :last_name, :phone, :gender, :username, :email, :password, :password_confirmation, :remember_me]
devise_parameter_sanitizer.permit :sign_up, keys: added_attrs
devise_parameter_sanitizer.permit :sign_in, keys: [:login, :password]
devise_parameter_sanitizer.permit :account_update, keys: added_attrs
end
end
Post_controller.rb
class PostsController < ApplicationController
before_action :authenticate_user!
before_action :fetch_all_posts_and_users
#some code
def edit
@post = Post.find(params[:id])
authorize! :update, @post
end
def update
@post = Post.find(params[:id])
if @post.update(post_params)
redirect_to(post_path(@post))
else
render('edit')
end
end
def destroy
@post = Post.find(params[:id])
@post.destroy
end
private
def post_params
params.require(:post).permit(:title, :image, :total_likes)
end
def fetch_all_posts_and_users
@posts = Post.all
@users = User.all
end
end
我还添加了load_and_authorize_resource 但它不适用于管理员和普通用户
Ability.rb
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
if user.admin?
can :manage, :all
else
can :read, :all
end
end
end
I want to grant all permission to admin, and only read permission to normal user.
so, after hitting /posts/1/edit for admin its working fine, but for normal user its giving
ArgumentError in PostsController#edit
wrong number of arguments (given 2, expected 0..1)
Application_Controller.rb
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protect_from_forgery with: :exception
rescue_from CanCan::AccessDenied do
flash[:error] = 'Access denied!'
redirect_to root_url
end
protected
def configure_permitted_parameters
added_attrs = [:first_name, :last_name, :phone, :gender, :username, :email, :password, :password_confirmation, :remember_me]
devise_parameter_sanitizer.permit :sign_up, keys: added_attrs
devise_parameter_sanitizer.permit :sign_in, keys: [:login, :password]
devise_parameter_sanitizer.permit :account_update, keys: added_attrs
end
end
Post_controller.rb
class PostsController < ApplicationController
before_action :authenticate_user!
before_action :fetch_all_posts_and_users
#some code
def edit
@post = Post.find(params[:id])
authorize! :update, @post
end
def update
@post = Post.find(params[:id])
if @post.update(post_params)
redirect_to(post_path(@post))
else
render('edit')
end
end
def destroy
@post = Post.find(params[:id])
@post.destroy
end
private
def post_params
params.require(:post).permit(:title, :image, :total_likes)
end
def fetch_all_posts_and_users
@posts = Post.all
@users = User.all
end
end
I had also add load_and_authorize_resource
but its not working for both admin and normal user
Ability.rb
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
if user.admin?
can :manage, :all
else
can :read, :all
end
end
end
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论