2016-02-02 92 views
1

I am trying to build a blog with two kinds of users, admin and normal user. The admin can view every post and comment, while a normal user can view only his own posts and comments. I have applied my logic but it is not working properly: in my code every user can view the other users' posts and comments, which I don't want. I have uploaded my code on GitHub.
Rails cancan is not working properly


[ability.rb]

class Ability
  include CanCan::Ability

  def initialize(user)
    unless user
    else
      case user.roles
      when 'admin'
        can :manage, Post
        can :manage, Comment
      when 'user'
        can :manage, Post, user_id: user.id
        can :manage, Comment, user_id: user.id
      end
    end
  end
end


class PostsController < ApplicationController
  before_action :authenticate_user!
  authorize_resource

  def index
    @posts = Post.all.order('created_at DESC')
  end

  def new
    @post = Post.new
  end

  def show
    @post = Post.find(params[:id])
  end

  def create
    @post = Post.new(post_params)
    @post.user = current_user

    if @post.save
      redirect_to @post
    else
      render 'new'
    end
  end

  def edit
    @post = Post.find(params[:id])
  end

  def update
    @post = Post.find(params[:id])

    if @post.update(params[:post].permit(:title, :body))
      redirect_to @post
    else
      render 'edit'
    end
  end

  def destroy
    @post = Post.find(params[:id])
    @post.destroy

    redirect_to posts_path
  end

  private

  def post_params
    params.require(:post).permit(:title, :body)
  end
end


[comments_controller.rb]

class CommentsController < ApplicationController
  authorize_resource

  def create
    @post = Post.find(params[:post_id])
    @comment = @post.comments.build(params[:comment].permit(:name, :body))
    @comment.user = current_user
    @comment.save
    redirect_to post_path(@post)
  end

  def destroy
    @post = Post.find(params[:post_id])
    @comment = @post.comments.find(params[:id])
    @comment.destroy

    redirect_to post_path(@post)
  end
end


[user.rb]

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
  has_many :posts
  has_many :comments
end


[post.rb]

class Post < ActiveRecord::Base 
    has_many :comments, dependent: :destroy 
    validates :title, presence: true, length: {minimum: 5} 
    validates :body, presence: true 
    belongs_to :user 
end 


[comment.rb]

class Comment < ActiveRecord::Base 
    belongs_to :post 
    belongs_to :user 

end 
+0

Please post the relevant code here. – dwenzel

+0

Please see the relevant code, which I have updated. –

+0

Thanks. A couple of questions: 1. 'case user.roles' ... shouldn't that be 'case user.role' (singular)? 2. Where is your logic that restricts the user's view according to this ability? – dwenzel

Answers

2

First...

CanCan is no longer maintained; CanCanCan should be added to your Gemfile:

#Gemfile 
gem "cancancan" 

-

Then you can use the following:

#app/models/ability.rb
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    case user.roles
    when "admin" #-> use double quotes for evaluating strings
      can :manage, [Post, Comment]
    when "user"
      can :manage, [Post, Comment], user_id: user.id
    end
  end
end

-

You also need to make sure you are calling authorize!

Although authorize_resource is fine for your case, you need to make sure you stick to convention...

#app/controllers/comments_controller.rb
class CommentsController < ApplicationController
  authorize_resource :post
  authorize_resource :comment

  def create
    @post = Post.find params[:post_id]
    @comment = @post.comments.new comment_params
    @comment.user = current_user
    @comment.save

    redirect_to @post
  end

  def destroy
    @post = Post.find(params[:post_id])
    @comment = @post.comments.find params[:id]
    @comment.destroy

    redirect_to @post
  end

  private

  def comment_params
    params.require(:comment).permit(:name, :body)
  end
end
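An added example, not code from the question or from any answer: a plain-Ruby model of the ability rules above that runs without Rails or the cancancan gem. The `User`/`Post` structs, the sample posts and the `Ability` class here are constructed stand-ins; `can?` mirrors CanCan's instance check, and `filter_accessible` stands in for the real gem call `Post.accessible_by(current_ability)`, which the asker's `Post.all` in `index` never makes, so the ability is never applied to the listing.

```ruby
# Constructed stand-ins for the app's models (not the page's ActiveRecord classes).
User = Struct.new(:id, :roles)
Post = Struct.new(:id, :user_id, :title)
# Minimal model of CanCan's rule evaluation, written for this example.
class Ability
  # :manage expands to every CRUD action, as in CanCan.
  ALIASES = { manage: %i[create read update destroy] }.freeze

  def initialize(user)
    @rules = []
    user ||= User.new(nil, nil) # guest: gets no rules at all
    case user.roles
    when 'admin' then can :manage, Post
    when 'user'  then can :manage, Post, user_id: user.id
    end
  end

  # Record a rule; conditions is a hash of attribute => required value.
  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  # Instance check like CanCan's can?: a rule allows the record only if its class, action and conditions all match.
  def can?(action, record)
    @rules.any? do |rule_action, klass, conds|
      actions = ALIASES.fetch(rule_action, [rule_action])
      record.is_a?(klass) && actions.include?(action) &&
        conds.all? { |attr, val| record.public_send(attr) == val }
    end
  end

  # Collection filter standing in for Post.accessible_by(current_ability):
  # keep only the records this ability permits for the action.
  def filter_accessible(action, records)
    records.select { |r| can?(action, r) }
  end
end
# Constructed sample data: one post each for two different users.
POSTS = [Post.new(1, 10, 'post by user 10'), Post.new(2, 20, 'post by user 20')].freeze

# The asker's #index as posted: Post.all, so the ability is never applied.
def index_as_posted(_user)
  POSTS
end

# The fixed #index: run the collection through the ability before rendering.
def index_filtered(user)
  Ability.new(user).filter_accessible(:read, POSTS)
end
```

With a 'user' role, `index_as_posted` still returns both posts while `index_filtered` returns only the caller's own; an admin gets both and a guest gets none.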
-2

Hopefully you are keeping a role for every user, either admin or normal.

You can try this

in ability.rb 

class Ability
  include CanCan::Ability

  def initialize(user)
    case user.role
    when User::Roles::ADMIN
      can :manage, :all
    when User::Roles::USER
      can :create, Comment, :user_id => user.id
    end
  end
end

Hope this will help

+0

What are user.role and User::Roles::ADMIN ... are role and roles two different things? –

+0

user is the current object that you have passed; it contains a field as role, and in your User.rb file (model) you can define a module like 'module Roles ADMIN := 'super_admin'', where super_admin is in your User model – Chetan

0

Most likely you just need to add the :read directive along with :manage, so that users are not allowed to view other users' posts.

Like this:

class Ability
  include CanCan::Ability

  def initialize(user)
    unless user
    else
      case user.roles
      when 'admin'
        can :manage, Post
        can :manage, Comment
      when 'user'
        can :manage, Post, user_id: user.id
        can :manage, Comment, user_id: user.id
        can :read, Post, user_id: user.id
        can :read, Comment, user_id: user.id
      end
    end
  end
end

See this page: https://github.com/ryanb/cancan/wiki/defining-abilities