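I am trying to authorize each user so that they can create, read, update and destroy their own loggs. I created the loggs with scaffold. I am using devise, with admin as a boolean on the user. I have a LoggsController, a User model, a Logg model and ability.rb. I tried following the Railscast video so that I could let all users do this. So far, the admin can do everything, but users cannot do what I want.

CanCan authorization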
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new
    if user.admin?
      can :manage, :all
    else
      can :read, :all
      can :create, Logg
      can :update, Logg do |logg|
        logg.try(:user) == user
      end
    end
  end
end

My models and controller
class User < ActiveRecord::Base
  ROLES = %w[admin moderator author banned]
  has_many :loggs

  def role?(role)
    roles.include? role.to_s
  end
end

class Logg < ActiveRecord::Base
  belongs_to :users
end

class LoggsController < ApplicationController
  load_and_authorize_resource
  before_action :set_logg, only: [:show, :edit, :update, :destroy]
  respond_to :html

  def index
    @loggs = Logg.all
    respond_with(@loggs)
  end

  def show
    respond_with(@logg)
  end

  def new
    respond_with(@logg)
  end

  def edit
  end

  def create
    @logg.save
    respond_with(@logg)
  end

  def update
    @logg.update(logg_params)
    respond_with(@logg)
  end

  def destroy
    @logg.destroy
    respond_with(@logg)
  end

  private

  def set_logg
    @logg = Logg.find(params[:id])
  end

  def logg_params
    params.require(:logg).permit(:name, :date, :time, :whats_gone_well_this_week, :whats_not_gone_well_this_week, :learnt_anything_new, :what_would_you_like_to_improve, :anything_else)
  end
end

View
<% if can? :show, @logg %>
<%= link_to 'Show', logg %>
<% end %>
<% if can? :update, @logg %>
| <%= link_to 'Edit', edit_logg_path(logg) %>
<% end %>
<% if can? :destroy, @logg %>
| <%= link_to 'Destroy', logg, method: :delete, data: { confirm: 'Are you sure?' } %></p>
<% end %>
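
What is the definition of 'admin?'? – kasperite

Why don't you try this: in capability.rb, replace this code 'can :update, Logg do |logg| logg.try(:user) == user end' with this 'can :update, user_id: user.id'. I assume the user has_many loggs –

I fixed this so that users can only manage their own loggs by adding user_id in the loggs controller and adding: else can :manage, Logg, :user_id => user.id. But they can still view other loggs in the index page, and the show, edit, destroy links are still visible. I tried the cancan way by adding <% if can? :create, Logg %> <%= link_to 'New Logg', new_logg_path %> <% end %> but this doesn't work – Mo2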
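
Added example, not from the thread and not the CanCan gem's own code: a plain-Ruby model of the rule shapes discussed above. It shows that a leftover 'can :read, :all' still exposes every logg in the index, while owner-scoped rules applied to the collection and to each row's record do not. OwnerAbility, accessible, row_links and the sample users and loggs are hypothetical names constructed for illustration.

```ruby
# Plain-Ruby model of the rules (constructed; this is not the CanCan gem).
User = Struct.new(:id, :admin)
Logg = Struct.new(:id, :user_id, :name)

class OwnerAbility
  # read_all: true models the question's 'can :read, :all' for non-admins.
  def initialize(user, read_all: false)
    @rules = [] # each rule: [actions, class, attribute conditions]
    if user.admin
      allow(%i[read create update destroy], Object)
    else
      allow(%i[read], Object) if read_all
      allow(%i[read create update destroy], Logg, user_id: user.id)
    end
  end

  def allow(actions, klass, conditions = {})
    @rules << [actions, klass, conditions]
  end

  # Per-record check: every condition must match the record's attributes.
  def can?(action, record)
    @rules.any? do |actions, klass, cond|
      actions.include?(action) && record.is_a?(klass) &&
        cond.all? { |attr, value| record[attr] == value }
    end
  end

  # Scope for index actions: filter the collection instead of returning it all.
  def accessible(records, action = :read)
    records.select { |r| can?(action, r) }
  end
end

# Links to render for one index row, checked against that row's record.
def row_links(ability, logg)
  %i[read update destroy].select { |a| ability.can?(a, logg) }
end

# Constructed sample data.
ALICE = User.new(1, false)
ROOT  = User.new(2, true)
LOGGS = [Logg.new(10, 1, "alice week 1"), Logg.new(11, 7, "other user week 1")]

leaky  = OwnerAbility.new(ALICE, read_all: true)
scoped = OwnerAbility.new(ALICE)
puts "read-all rule: #{leaky.accessible(LOGGS).map(&:id)}"
puts "owner-scoped:  #{scoped.accessible(LOGGS).map(&:id)}"
```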