0
過去幾天我一直在CanCan中掙扎,需要一些幫助。我的用戶應該能夠訪問他們或他們的團隊成員創建的聯繫人。我爲此設置了一種能力,它可用於收集數據(CanCan將索引限制爲只能通過'accessable_by'查看的聯繫人),但是當您單擊聯繫人時,CanCan會拋出「未授權」錯誤。CanCan沒有授權控制器操作,但它可以正常工作accessible_by
我已經看過聯繫人表本身,可以驗證current_user與我點擊的聯繫人具有相同的team_id,所以它看起來應該可以工作,但它不會。
感謝您提供的任何幫助。
這裏是ability.rb文件:
class Ability
include CanCan::Ability
def initialize(user)
# Define abilities for the passed in user here. For example:
#
user ||= User.new # guest user (not logged in)
case user.role
when "admin" then
can :manage, :all
when "team_admin" then
can :manage, Team, :team => { :id => user.team_id }
can :manage, Upload, :team => { :id => user.team_id }
can :manage, Property, :team => { :id => user.team_id }
can :manage, Contact, :team => { :id => user.team_id }
can :manage, Appointment, :team => { :id => user.team_id }
when "user" then
can :manage, Team, :team => { :id => user.team_id }
can :manage, Upload, :team => { :id => user.team_id }
can :manage, Property, :team => { :id => user.team_id }
can :manage, Contact#, :team => { :id => user.team_id }
can :manage, Appointment, :team => { :id => user.team_id }
can :read, User, :user => { :id => user.id}
can :create, Team
can :create, Upload
can :create, Property
# can :create, Contact
can :create, Appointment
can :index, Property
# can :index, Contact
end
# if user.role == "admin"
# can :manage, :all
# else
# can :read, :all
# end
#
# The first argument to `can` is the action you are giving the user permission to do.
# If you pass :manage it will apply to every action. Other common actions here are
# :read, :create, :update and :destroy.
#
# The second argument is the resource the user can perform the action on. If you pass
# :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
#
# The third argument is an optional hash of conditions to further filter the objects.
# For example, here the user can only update published articles.
#
# can :update, Article, :published => true
#
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
end
end
這裏是我的聯繫控制器的顯示操作:
def show
@contact = Contact.find(params[:id])
authorize! :show, @contact
respond_to do |format|
format.html # show.html.erb
format.json { render json: @contact }
end
end
下面是用戶模式:
class User < ActiveRecord::Base
has_secure_password
attr_accessible :email, :password, :password_confirmation, :first_name, :last_name, :team_id, :role
belongs_to :team
has_many :appointments
has_many :contacts
has_many :properties
ROLES = %w[admin group_admin user disabled]
validates_uniqueness_of :email
before_create { generate_token(:auth_token) }
def send_password_reset
generate_token(:password_reset_token)
self.password_reset_sent_at = Time.zone.now
save!
UserMailer.password_reset(self).deliver
end
def generate_token(column)
begin
self[column] = SecureRandom.urlsafe_base64
end while User.exists?(column => self[column])
end
end
這裏是聯繫型號:
class Contact < ActiveRecord::Base
attr_accessible :address_1, :address_2, :city, :first_name, :last_name, :state, :zip, :team_id
has_and_belongs_to_many :properties
belongs_to :user
belongs_to :team
has_many :appointments
end
最後,這裏是團隊模式:
class Team < ActiveRecord::Base
attr_accessible :team_name
has_many :users
has_many :appointments
has_many :contacts
has_many :properties
end
奏效!謝謝!真的,謝謝。現在,爲什麼這個工作? (我最初使用的語法是CanCan wiki中顯示的語法) –
嗯,很高興聽到這一點,感謝您的接受。 CanCan允許您定義[哈希條件](https://github.com/ryanb/cancan/wiki/defining-abilities)。檢查它,你會明白。 – Thanh
我以前完成過:can:manage,Contact,team_id:user.team_id爲什麼這不起作用? (我是Rails/Ruby的新手) –