CanCan - 用户帐号的密钥持有者访问

Question

我正在使用CanCan &设计用户身份验证&权限。

用户可以为他们的账户提名一个持卡人，他们拥有不同的权限。密钥持有者有一个名为“access_id”的属性，它与他们可以访问的帐户的ID相同。我试图给acheive如下：

class Ability 
    include CanCan::Ability 

    def initialize(user) 
    user ||= User.new # guest user 

    if user.admin? 
     can :manage, :all 
    elsif user.keyholder? 
     can :read, Folder do |folder| 
     folder.try(:user) == user.access_id 
     end 
    else 
     can :create, :all 
     can :manage, :all do |all| 
     all.try(:user) == user 
     end 
    end 



    end 
end 

但有了这个代码，密钥持有者不能访问帐号被提名访问。我如何纠正代码来实现这一目标？谢谢！

Answer 1

你可以尝试

folder.user_id == user.access_id 

假设持有者的登录。

使

user.keyholder? => true 
user => keyholder 
user.access_id => id of user who did nominate current_user 
folder.user_id => id of folder owner 

---

编辑

如果y欧也希望这样持有者也可以访问他/她的文件夹：

(folder.user_id == user.access_id) || (folder.user_id == user.id) 

但是这一次是更好的，把这个出你的if/else语句，使任何人，（持有者，或普通用户）可以接取他/她自己的文件夹。

def initialize(user) 
user ||= User.new # guest user 

# every one reads his own folder.. or you can copy this to wherever you want 
can :read, Folder do |folder| 
    folder.user_id == user.id 
end 

if user.admin? 
    can :manage, :all 
elsif user.keyholder? 
    can :read, Folder do |folder| 
    # but keyholder accesses even more 
    folder.user_id == user.access_id 
    end 
else 
    can :create, :all 
    can :manage, :all do |all| 
    all.try(:user) == user 
    end 
end 
end 

此外，或者，您可以定义can：多次读取keyholder。如：

elsif user.keyholder? 
    can :read, Folder do |folder| 
    folder.user_id == user.access_id 
    end 
    can :read, Folder do |folder| 
    folder.user_id == user.id 
    end 
else