2017-05-26 34 views
-1

What does `:manage, :all` do in Ruby?

I have a basic authorization class in my Rails app that looks like this:

```ruby
class Ability
  include CanCan::Ability

  def initialize(user)
    if user
      can :access, :rails_admin  # only allow admin users to access Rails Admin
      can :dashboard
      if user.admin?
        can :manage, :all
      else
        can :manage, [Agreement, Attachment, Contact, Deadline, Event, Image, Photo, Project, Submission, Talk]
        can :update, User, id: user.id
      end

      # Current user cannot delete his account
      # (kept inside the guard: user is nil for guests, so user.id would raise)
      cannot :destroy, User, id: user.id
    end
  end
end
```

Now I get an unauthorized error when I try to access the dashboard as a simple user, but as soon as I put `can :manage, :all` in the simple user's branch it mysteriously passes and the user sees the dashboard.

What does `:manage, :all` have over `:manage, [All_my_tables]`, and why does it not work for my user this way?

+3

**This has been researched well before: https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities** –

+0

Thanks for sharing the wiki with me, but I have already been through that page; if I could find my answer there I would not be posting the question here –

+0

*"I get an unauthorized error when I try to access the dashboard"* - is that not because you wrote `can :dashboard` instead of `can :read, :dashboard`? Or, if not, could you be more specific about what the user is not authorized to do? (What is the controller?) –

Answer

0

Here is the answer: I just needed `:manage, :all` for a simple user as well, and then overrode the permissions.

```ruby
class Ability
  include CanCan::Ability

  def initialize(user)
    # Check if the user is logged in
    if user
      # Grant access to the dashboard
      can :access, :rails_admin
      can :dashboard
      can :manage, :all

      # Simple user permissions set here
      unless user.admin?
        alias_action :create, :update, :destroy, to: :cud

        can :manage, :all  # redundant: already granted above for every logged-in user
        cannot :cud, User
        cannot :destroy, [Agreement, Submission]
      end

      # Kept inside the guard: user is nil for guests, so user.id would raise
      can :update, User, id: user.id     # User can edit his/her own account
      cannot :destroy, User, id: user.id # User cannot delete his/her own account
    end
  end
end
```

Thanks for the downvote, but this question has already ended up here
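Added example, not code from the question or the answer: a simplified model of CanCanCan's rule resolution (later rules win, `:manage` matches any action, `:all` matches any subject) that shows why `can :manage, :all` covers a symbol subject like `:dashboard` while a model list does not, and the caveat a reviewer would raise about the accepted approach: once `:manage, :all` is granted, every model or action added later is allowed unless someone remembers to add a `cannot` rule for it. The `MiniAbility` class, the `AuditLog` model and the two `*_ability` helpers are assumptions for this example, not CanCanCan's API.

```ruby
# Simplified model of CanCanCan rule resolution (an assumption for this example,
# not the gem's code): rules are checked from the last defined to the first, and
# the first matching one decides; :manage matches any action, :all any subject.
class MiniAbility
  Rule = Struct.new(:allow, :actions, :subjects)

  def initialize
    @rules = []
  end

  def can(action, subject = :all)
    @rules << Rule.new(true, Array(action), Array(subject))
  end

  def cannot(action, subject = :all)
    @rules << Rule.new(false, Array(action), Array(subject))
  end

  # subject is a model class or a symbol such as :dashboard; no rule => denied
  def can?(action, subject)
    rule = @rules.reverse.find do |r|
      (r.actions.include?(:manage) || r.actions.include?(action)) &&
        (r.subjects.include?(:all) || r.subjects.include?(subject))
    end
    rule ? rule.allow : false
  end
end

# Constructed stand-ins: two models from the page and one added later.
class Agreement; end
class User; end
class AuditLog; end # hypothetical model added after the Ability was written

# Allow-list style, as in the question: only the listed models are granted,
# so the symbol subject :dashboard and any new model stay denied.
def allow_list_ability
  a = MiniAbility.new
  a.can :manage, [Agreement, User]
  a.cannot :destroy, User
  a
end

# Deny-list style, as in the answer: :manage, :all grants every action on every
# subject (including :dashboard), and only explicitly listed cannots are removed.
def deny_list_ability
  a = MiniAbility.new
  a.can :manage, :all
  a.cannot :destroy, User
  a
end
```

Run `allow_list_ability.can?(:read, AuditLog)` against `deny_list_ability.can?(:destroy, AuditLog)` to see the difference: the allow-list denies the unknown model, the deny-list silently grants even destroy on it.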
