2017-05-26 32 views
-1

What does `:manage, :all` do in Ruby? I have a basic authorization class in a Rails application that looks like this:

```ruby
class Ability
  include CanCan::Ability

  def initialize(user)
    if user
      can :access, :rails_admin  # only allow admin users to access Rails Admin
      can :dashboard
      if user.admin?
        can :manage, :all
      else
        can :manage, [Agreement, Attachment, Contact, Deadline, Event, Image, Photo, Project, Submission, Talk]
        can :update, User, id: user.id
      end
    end

    # Current user cannot delete his account (guarded: a guest has no id to compare)
    cannot :destroy, User, id: user.id if user
  end
end
```

Now, I get an unauthorized error when I try to access the dashboard with a simple user, but as soon as I put `can :manage, :all` in the simple user's branch it mysteriously passes and sees the dashboard.

What does `:manage, :all` have over `:manage, [All_my_tables]`, and why is my user not allowed this way?

+3

**Well researched before: https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities** –

+0

Thanks for sharing the wiki with me, but I have already been through that page; if I could find my answer there I would not have posted the question here –

+0

*"I get an unauthorized error when trying to access the dashboard"* - is that because you wrote `can :dashboard` instead of `can :read, :dashboard`? Or, if not, could you be more specific about what the user is unauthorized to do? (What is the controller?) –

Answer

0

Here is the answer: I just needed `:manage, :all` for a simple user too, and then override the permissions.

```ruby
class Ability
  include CanCan::Ability

  def initialize(user)
    # Check if the user is logged in
    if user
      # Grant access to the dashboard
      can :access, :rails_admin
      can :dashboard
      can :manage, :all

      # Simple user permissions set here: a later rule overrides an earlier one,
      # so the blanket :manage, :all above is narrowed with cannot rules
      if !user.admin?
        alias_action :create, :update, :destroy, to: :cud

        cannot :cud, User
        cannot :destroy, [Agreement, Submission]
      end

      # Own-account rules (inside the guard: a guest has no id to compare)
      can :update, User, id: user.id     # User can edit his/her own account
      cannot :destroy, User, id: user.id # User cannot delete his/her own account
    end
  end
end
```

Thanks for the downvote, but this question had already reached this point
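As an added example (not from the question, the answer, or the cancancan gem), here is a small stand-in for CanCan's rule resolution, used to compare the answer's grant-everything-then-subtract style with an allowlist; `MiniAbility`, `blocklist_ability`, `allowlist_ability` and the `User`/`Agreement`/`Invoice` stand-ins are constructed for this illustration. It shows why the later `cannot` rules override `can :manage, :all`, and also that a blocklist silently allows a simple user to act on any model (`Invoice`) that no rule names, while the allowlist denies it.

```ruby
# Simplified model of CanCan's rule resolution (constructed example, not the
# cancancan gem): the LAST matching rule decides, :manage matches every action,
# :all matches every subject, and a check that matches no rule is denied.
class MiniAbility
  Rule = Struct.new(:allow, :actions, :subjects, :conditions)

  def initialize
    @rules = []
  end

  def can(actions, subjects, conditions = {})
    @rules << Rule.new(true, Array(actions), Array(subjects), conditions)
  end

  def cannot(actions, subjects, conditions = {})
    can(actions, subjects, conditions).last.allow = false # same rule, denying
  end

  # subject: a class or a symbol such as :dashboard; record: optional instance
  def can?(action, subject, record = nil)
    rule = @rules.reverse.find { |r| matches?(r, action, subject, record) }
    rule ? rule.allow : false
  end
  private
  def matches?(rule, action, subject, record)
    return false if (rule.actions & [:manage, action]).empty?
    return false if (rule.subjects & [:all, subject]).empty?
    # As in CanCan, a conditional rule matches a class-level check (no record);
    # against a record, the listed attributes must agree.
    return true if rule.conditions.empty? || record.nil?
    rule.conditions.all? { |attr, val| record.public_send(attr) == val }
  end
end

User = Struct.new(:id, :admin)             # constructed stand-ins for app models
Agreement = Class.new; Invoice = Class.new # Invoice: added later, named in no rule

# Blocklist style, as in the accepted answer: grant everything, then subtract.
def blocklist_ability(user)
  a = MiniAbility.new
  a.can :manage, :all
  a.cannot [:create, :update, :destroy], User
  a.cannot :destroy, Agreement
  a.can :update, User, id: user.id # later rule wins: own account only
  a
end

# Allowlist style: name only what a simple user may do; anything else is denied.
def allowlist_ability(user)
  a = MiniAbility.new
  a.can :read, :dashboard
  a.can [:read, :create, :update], Agreement
  a.can :update, User, id: user.id
  a
end
```

Checking `blocklist_ability(user).can?(:destroy, Invoice)` returns true for a simple user, which is the deny-by-default property the blocklist gives up.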
