0
我試圖通過Authlogic實現角色來限制我的Rails應用程序中的控制器訪問。只要我用load_and_authorize和filter_resource_access實現它,我就無法訪問任何角色的控制器。
在我的用戶模型中,我有一個角色字段,其has_many roles_users指向角色模型。因此,用戶1是'管理員',具有角色分配1,其鏈接到'管理'角色1。無法使用CanCan和Authlogic進行授權
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user
can :read, InstallQuote
can :create, InstallQuote
if user.role? :admin
can :manage, :all
end
helper :all
protect_from_forgery # See ActionController::RequestForgeryProtection for details
helper_method :current_user_session, :current_user
rescue_from CanCan::AccessDenied do |exception|
flash[:error] = exception.message
redirect_back_or_default(root_path)
end
before_filter { |c| Authorization.current_user = c.current_user }
filter_parameter_logging :password, :password_confirmation
protected
def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
end
def current_user
return @current_user if defined?(@current_user)
@current_user = current_user_session && current_user_session.user
end
class ClientsController < ApplicationController
# before_filter :authenticate, :only => [:edit, :update, :show, :index]
load_and_authorize_resource # For declarative authorization
filter_resource_access
# belongs_to :company
# before_filter :require_user, :only => [:edit, :update, :index, :destroy]
# before_filter :admin_user, :only => :destroy
helper_method :sort_column, :sort_direction
before_filter :correct_user, :only => [:edit, :update, :show, :index]
acts_as_authentic
has_many :roles_users
has_many :roles, :through => :roles_users
before_create :setup_role
attr_accessible :email, :login, :first_name, :last_name, :role_id, :password, :password_confirmation, :active
(我已經註釋掉了舊的代碼,我現在不想溝渠)。
任何人都知道我錯過了什麼?