Ruby on rails cancan:在数据库中存储与可访问?
我们有一个UI,允许管理员更改用户的权限。因此,我们将这些权限存储在数据库中 我们的能力课程是:Ruby on rails cancan:在数据库中存储与可访问?,ruby-on-rails,cancan,Ruby On Rails,Cancan,我们有一个UI,允许管理员更改用户的权限。因此,我们将这些权限存储在数据库中 我们的能力课程是: class Ability include CanCan::Ability def initialize(user) user ||= User.new # guest user if user.role? :super_admin can :manage, :all else if user.role? :live_trader can :admin, LiveEvent
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user
if user.role? :super_admin
can :manage, :all
else
if user.role? :live_trader
can :admin, LiveEvent
end
if user.role? :horse_trader
can :horse_admin, Event
end
if user.role? :channel_admin
can :manage, Channel
end
if user.role? :device_admin
can :manage, Device
end
if user.role? :ost
can :read, Customer.first
end
can do |action, subject_class, subject|
user.roles.find_all_by_action(aliases_for_action(action)).any? do |role|
role.authorizable_type == subject_class.to_s &&
(subject.nil? || role.authorizable_id.nil? || role.authorizable_id == subject.id)
end
end
# can always manage ourselves
can :manage, user
end
end
end
它工作得很好,只是我们不能使用。我们得到:
The accessible_by call cannot be used with a block 'can' definition.
我看不到任何其他限制结果集的方法。。。这是一个bug还是我们做错了?错误消息说明了一切,真的 有两种使用数据库权限的方法。一个使用“can”块,另一个使用显式“can”权限。他们实现了同样的目标 您可以查看以查看这两个示例 我想说的是,您希望将“can”块重写为:
user.roles.each do |role|
if permission.subject_id.nil?
can permission.action.to_sym, role.authorizable_type.constantize
else
can permission.action.to_sym, role.authorizable_type.constantize, :id => role.authorizable_id
end
end
嗯