2012-11-14 51 views
2

I'm working with someone else's code, plus I have no experience using Rails, and I'm having a problem with CanCan & Devise. CanCan is incorrectly denying admin access.

When trying to log in (using credentials I know are there, because they worked before, I checked the database, and I successfully used the reset function), I get an error screen stating:

CanCan::AccessDenied in AdminController#index 

You are not authorized to access this page. 

app/controllers/admin_controller.rb:4:in `index' 
config/initializers/quiet_assets.rb:6:in `call_with_quiet_assets' 

and in the terminal:

Started POST "https://stackoverflow.com/users/sign_in" for 127.0.0.1 at 2012-11-14 13:13:01 +0000 
    Processing by Devise::SessionsController#create as HTML 
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"T8CJkCIEA3r7ROiknVp/vbEgeKCBZEjl3uYd+46G7no=", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"} 
WARNING: Can't verify CSRF token authenticity 
    User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = '[email protected]' LIMIT 1 
(0.2ms) BEGIN 
(0.3ms) UPDATE `users` SET `last_sign_in_at` = '2012-11-14 11:10:56', `current_sign_in_at` = '2012-11-14 13:13:01', `sign_in_count` = 219, `updated_at` = '2012-11-14 13:13:01' WHERE `users`.`id` = 1 
(0.1ms) COMMIT 
Redirected to http://core.lvh.me:3000/admin 
Completed 302 Found in 355ms 


Started GET "/admin" for 127.0.0.1 at 2012-11-14 13:13:02 +0000 
    Processing by AdminController#index as HTML 
Completed 500 Internal Server Error in 265ms 

CanCan::AccessDenied (You are not authorized to access this page.): 
    app/controllers/admin_controller.rb:4:in `index' 
    config/initializers/quiet_assets.rb:6:in `call_with_quiet_assets' 

admin_controller.rb

class AdminController < ApplicationController

  def index
    authorize! :index, :admin # line 4
  end
end

ability.rb

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)

    case user.role_name

    when "super_admin"
      # can do everything
      can :manage, :all

    when "franchise_admin"
      can [:read, :search, :all, :up_down_index], Article
      can [:old_feed, :sites, :new_feed], MobileFeed
      can [:new, :read, :update], SiteSpecificArticle, site_id: user.site_id
      can [:index, :new_site_essentials], :admin

    when "franchise_editor"
      # block condition: `SiteSpecificArticle { ... }` is a syntax error in Ruby,
      # the block has to be passed to `can` with do ... end
      can [:new, :read, :update], SiteSpecificArticle do |ssa|
        ssa.site.customer.sites.include?(user.site)
      end
      can [:old_feed, :sites, :new_feed], MobileFeed
      can [:read, :search, :all, :up_down_index], Article

    when "site_admin"
      # can CRUD users for their site
      can :manage, User, site_id: user.site_id
      # can edit content for their site
      can [:read, :update], ArticleSitePermission, site_id: user.site_id
      can [:read, :update], CoreArticleSiteVisibility, site_id: user.site_id
      can [:new, :read, :update], SiteSpecificArticle, site_id: user.site_id
      can [:new, :read, :update], FrontPageCampaign, site_id: user.site_id
      can [:new, :read, :update], FrontPageTimeBasedArticle, site_id: user.site_id
      can [:new, :read, :update], FrontpageArticle, site_id: user.site_id
      can [:index, :new_site_essentials], :admin
      can [:read, :search, :all, :up_down_index, :hidden_in_this_site], Article
      can [:old_feed, :sites, :new_feed], MobileFeed
      can [:index, :create], TrackMood
      can :site_styles, Site

    when "editor"
      # can edit content for their site
      can [:read, :update], ArticleSitePermission, site_id: user.site_id
      can [:read, :update], CoreArticleSiteVisibility, site_id: user.site_id
      can [:new, :read, :update], SiteSpecificArticle, site_id: user.site_id
      can :manage, FrontPageCampaign, site_id: user.site_id
      can :manage, User, site_id: user.site_id
      can [:new, :read, :update], FrontPageTimeBasedArticle, site_id: user.site_id
      can [:new, :read, :update], FrontpageArticle, site_id: user.site_id
      can [:old_feed, :sites, :new_feed], MobileFeed
      can [:index, :new_site_essentials], :admin
      can [:read, :search, :all, :up_down_index, :hidden_in_this_site], Article
      can [:index, :create], TrackMood
      can :site_styles, Site

    else
      # guest user (not logged in)
      can [:read, :search, :up_down_index], Article
      can [:old_feed, :sites, :new_feed], MobileFeed
      can [:index, :create], TrackMood
      can :site_styles, Site
    end
  end
end

Any help on this would be much appreciated, even if it's just another step to try in debugging the problem.

Thanks

+0

Please post your ability.rb so we can see how you have authorization configured –

+0

It doesn't look like there is a role named "admin" - there are super_admin, franchise_admin, site_admin etc. Try replacing ':admin' with ':super_admin' in the controller #index method. –

+0

What is the user role of the account you are logging in with? – Thanh

Answers

0

You could try changing it to:

class AdminController < ApplicationController

  def index
    authorize! :index, :super_admin # line 4
  end
end
+0

No luck. Same set of error messages. Any other ideas? –

+0

Can I see this code on github? – nxxn

+0

Unfortunately I can only keep this project to myself, as it's private :-( –

2

The CanCan wiki on GitHub states:

"Adding authorize_resource will add a before filter which calls authorize!, passing the resource instance variable if it exists. If the instance variable is not set (such as in the index action), it will pass the class name; for example, if we have a ProductsController it will do this before each action:"

authorize!(params[:action], @product || Product) 

Your problem is that you are trying to authorize the :index action on the :admin symbol, when you actually have to authorize an admin object or model, like this:

authorize!(:index, @admin) 

I think you are misunderstanding the authorize! method and trying to authorize the index action for the admin role, but everything in CanCan is authorized based on current_ability, which should be the first thing the user session sets up when logging in. CanCan can meet this requirement with this default ApplicationController method:

def current_ability
  @current_ability ||= Ability.new(current_user)
end

But this means you need to have another method called current_user which returns the current user (doh). Check whether you have this set up and, if not, set it up, and change :admin to @admin (which you will have to instantiate; I think it would be something like current_user.admin (?)).

One more thing: if you are doing the authorization like this just for debugging, OK, no problem, but if you are thinking of manually authorizing every action like this for real, please don't. CanCan has a method called load_and_authorize_resource which both authorizes current_user for every action of the controller and instantiates the @model variable, e.g. @products, as Product.accessible_by(current_ability). This works very well when you have content that certain users can only see or manage under certain circumstances (like editing their own profile). Of course you have to set that up in the ability.rb file. This approach looks like this:

class AdminController < ApplicationController

  load_and_authorize_resource

  def index
    # @admins here will have every admin that the user can see
  end

end

And if you have some actions that you don't need to authorize, you can say:

load_and_authorize_resource :only => [:action1, :action2]
load_and_authorize_resource :except => [:action1, :action2]

Or also:

load_and_authorize_resource
skip_authorize_resource :only => [:action1]
skip_authorize_resource :except => :action2 # can be either an array or a single symbol

I hope this helps you and anyone else who has this problem :)
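As an added example, not part of the answer above, the question, or the CanCan gem itself: MiniAbility is a constructed stand-in for the subset of CanCan's rule matching this thread relies on, so that a cut-down copy of the question's Ability can be run offline without Rails. The User, Article and SiteSpecificArticle structs and the sample users are all constructed here. It shows that a symbol subject such as :admin is something CanCan's `can`/`can?` accept (the question's ability.rb depends on that), that `can :manage, :all` covers it, that hash and block conditions only scope instances, and that a nil current_user falls through to the guest branch and is denied; that last case is worth checking first when AccessDenied appears immediately after a sign-in that the log reports as successful.

```ruby
# Added example (not from the question, the answer or the CanCan gem).
# MiniAbility mirrors the part of CanCan's rule matching the thread uses:
# symbol subjects, class subjects, :all, :manage, hash and block conditions.

# Constructed stand-ins for the app's models.
User = Struct.new(:role_name, :site_id)
Article = Struct.new(:id)
SiteSpecificArticle = Struct.new(:id, :site_id)

class MiniAbility
  class AccessDenied < StandardError; end
  Rule = Struct.new(:actions, :subjects, :conditions, :block)

  def initialize
    @rules = []
  end

  # Same shape as CanCan's `can`: can(actions, subjects, conditions = nil, &block).
  def can(actions, subjects, conditions = nil, &block)
    @rules << Rule.new(Array(actions), Array(subjects), conditions, block)
  end

  # Same shape as CanCan's `can?`: true when any rule grants the action on the subject.
  def can?(action, subject)
    @rules.any? do |rule|
      action_match?(rule, action) &&
        subject_match?(rule, subject) &&
        conditions_match?(rule, subject)
    end
  end

  # Same shape as CanCan's `authorize!`: raises instead of returning false.
  def authorize!(action, subject)
    raise AccessDenied, "You are not authorized to access this page." unless can?(action, subject)
    true
  end

  private

  def action_match?(rule, action)
    rule.actions.include?(:manage) || rule.actions.include?(action)
  end

  def subject_match?(rule, subject)
    rule.subjects.any? do |s|
      s == :all || s == subject || (s.is_a?(Class) && subject.is_a?(s))
    end
  end

  # Conditions only constrain instances; a symbol or class subject passes the
  # class-level question, as CanCan answers it with "possibly".
  def conditions_match?(rule, subject)
    return true if subject.is_a?(Symbol) || subject.is_a?(Class)
    return rule.block.call(subject) if rule.block
    return true if rule.conditions.nil?
    rule.conditions.all? { |attr, value| subject.public_send(attr) == value }
  end
end

# Cut-down copy of the question's ability.rb: same role names and the same
# `:admin` symbol subject that `authorize! :index, :admin` checks.
class Ability < MiniAbility
  def initialize(user)
    super()
    user ||= User.new(nil, nil) # guest user (not logged in), as in the question
    case user.role_name
    when "super_admin"
      can :manage, :all
    when "site_admin"
      can [:new, :read, :update], SiteSpecificArticle, site_id: user.site_id
      can [:index, :new_site_essentials], :admin
    when "franchise_editor"
      can [:new, :read, :update], SiteSpecificArticle do |ssa|
        ssa.site_id == user.site_id # simplified form of the question's block condition
      end
    else
      can [:read, :search], Article
    end
  end
end

# Who passes the check that raised CanCan::AccessDenied in the question.
# A nil user (current_user not set) lands in the guest branch and is denied.
def admin_index_results
  {
    super_admin: Ability.new(User.new("super_admin", 1)).can?(:index, :admin),
    site_admin: Ability.new(User.new("site_admin", 1)).can?(:index, :admin),
    unknown_role: Ability.new(User.new("visitor", 1)).can?(:index, :admin),
    guest: Ability.new(nil).can?(:index, :admin)
  }
end

# Hash (site_admin) and block (franchise_editor) conditions scope a role to
# records of its own site: [own site allowed, other site denied].
def site_scoping_results(role)
  ability = Ability.new(User.new(role, 1))
  [ability.can?(:update, SiteSpecificArticle.new(10, 1)),
   ability.can?(:update, SiteSpecificArticle.new(11, 2))]
end

p admin_index_results
p site_scoping_results("site_admin"), site_scoping_results("franchise_editor")
```

Running the file prints `{:super_admin=>true, :site_admin=>true, :unknown_role=>false, :guest=>false}` and `[true, false]` twice; calling `Ability.new(nil).authorize!(:index, :admin)` raises MiniAbility::AccessDenied with the same message the question's error page shows.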

+0

Wow, cheers for the info. Not working on it again until tomorrow, but I'll try to put it into practice then and give an update. Thanks again for the detailed reply –

+0

Hi, I'm still having problems. I think it may be related to checking whether the user is in the right place, simply because on other pages that change when logged in there is still no visible change. It's not just a problem with accessing the restricted area, but also with ordinary pages that change depending on login state –