CanCan - 用戶帳號的密鑰持有者訪問

Question

我正在使用CanCan &設計用戶身份驗證&權限。

用戶可以爲他們的賬戶提名一個持卡人，他們擁有不同的權限。密鑰持有者有一個名爲「access_id」的屬性，它與他們可以訪問的帳戶的ID相同。我試圖給acheive如下：

class Ability 
    include CanCan::Ability 

    def initialize(user) 
    user ||= User.new # guest user 

    if user.admin? 
     can :manage, :all 
    elsif user.keyholder? 
     can :read, Folder do |folder| 
     folder.try(:user) == user.access_id 
     end 
    else 
     can :create, :all 
     can :manage, :all do |all| 
     all.try(:user) == user 
     end 
    end 



    end 
end 

但有了這個代碼，密鑰持有者不能訪問帳號被提名訪問。我如何糾正代碼來實現這一目標？謝謝！

Answer 1

你可以嘗試

folder.user_id == user.access_id 

假設持有者的登錄。

使

user.keyholder? => true 
user => keyholder 
user.access_id => id of user who did nominate current_user 
folder.user_id => id of folder owner 

---

編輯

如果y歐也希望這樣持有者也可以訪問他/她的文件夾：

(folder.user_id == user.access_id) || (folder.user_id == user.id) 

但是這一次是更好的，把這個出你的if/else語句，使任何人，（持有者，或普通用戶）可以接取他/她自己的文件夾。

def initialize(user) 
user ||= User.new # guest user 

# every one reads his own folder.. or you can copy this to wherever you want 
can :read, Folder do |folder| 
    folder.user_id == user.id 
end 

if user.admin? 
    can :manage, :all 
elsif user.keyholder? 
    can :read, Folder do |folder| 
    # but keyholder accesses even more 
    folder.user_id == user.access_id 
    end 
else 
    can :create, :all 
    can :manage, :all do |all| 
    all.try(:user) == user 
    end 
end 
end 

此外，或者，您可以定義can：多次讀取keyholder。如：

elsif user.keyholder? 
    can :read, Folder do |folder| 
    folder.user_id == user.access_id 
    end 
    can :read, Folder do |folder| 
    folder.user_id == user.id 
    end 
else