Ruby - Rails 4 - Pundit - 路由的策略和授權錯誤#index_fr？

Question

對不起，我沒有看到另一個地方問關於評論家的問題...感謝您的幫助。

我正在Ruby on Rails API上工作，我想創建一個url（.../api/v1/attractions/fr）列出一些關於我的模型的信息。但我得到了權威人士此錯誤消息：

權威人士:: AuthorizationNotPerformedError在/ API/V1 /景點/ FR 阿比:: V1 :: AttractionsController

這個錯誤verify_authorized在的lib/pundit.rb文件

def verify_authorized 
    raise AuthorizationNotPerformedError, self.class unless pundit_policy_authorized? 
end 

這是我的配置：

# app/config/routes.rb 

namespace :api, defaults: { format: :json } do 
    namespace :v1 do 
     resources :lines, only: [ :index, :show ] do 
     collection do 
      get '/fr', to: 'attractions#index_fr' 
     end 
     end 
    end 
end 

# app/controllers/api/v1/attractions_controller.rb 

class Api::V1::AttractionsController < Api::V1::BaseController 
skip_before_action :authenticate_user! 

    def index 
    @attractions = policy_scope(Attraction) 
    @attractions = Attraction.all 
    end 

    def index_fr 
    @attractions = policy_scope(Attraction) 
    @attractions = Attraction.all 
    end 
end 

# app/policies/application_policy.rb 

class ApplicationPolicy 
    attr_reader :user, :record 

    def initialize(user, record) 
    @user = user 
    @record = record 
    end 

    def index? 
    false 
    end 

    def index_fr? 
    false 
    end 

    def create? 
    false 
    end 

    def new? 
    create? 
    end 

    def update? 
    false 
    end 

    def edit? 
    update? 
    end 

    def destroy? 
    false 
    end 

    def scope 
    Pundit.policy_scope!(user, record.class) 
    end 

    class Scope 
    attr_reader :user, :scope 

    def initialize(user, scope) 
     @user = user 
     @scope = scope 
    end 

    def resolve 
     scope 
    end 
    end 
end 
end 

Answer 1

嘗試將before_filter :skip_authorization添加到您的api控制器。

但是隻有在您將其添加爲after_action時才應該調用權威verify_authorized方法。