Ruby on rails 用户未被拒绝使用CanCan访问活动管理
我正在使用Active Admin的CanCan授权适配器以及Rolify来管理管理站点上的授权。我有一个模型,Ruby on rails 用户未被拒绝使用CanCan访问活动管理,ruby-on-rails,ruby-on-rails-4,activeadmin,cancan,rolify,Ruby On Rails,Ruby On Rails 4,Activeadmin,Cancan,Rolify,我正在使用Active Admin的CanCan授权适配器以及Rolify来管理管理站点上的授权。我有一个模型,公司,有很多:手册,还有另一个模型,手册,有很多:部分 如果用户无权读取admin/manuals/1并将其键入地址栏,则会正确重定向并显示未经授权的消息。但是,如果用户在admin/manuals/1/parts中键入,则不会拒绝访问。他们被带到那个页面,除了所有的部分都对他们隐藏。应使用未经授权的消息将其重定向到仪表板 这是我的配置。提前感谢您提供的任何建议 config/rout
公司
,有很多:手册
,还有另一个模型,手册
,有很多:部分
如果用户无权读取admin/manuals/1
并将其键入地址栏,则会正确重定向并显示未经授权的消息。但是,如果用户在admin/manuals/1/parts
中键入,则不会拒绝访问。他们被带到那个页面,除了所有的部分都对他们隐藏。应使用未经授权的消息将其重定向到仪表板
这是我的配置。提前感谢您提供的任何建议
config/routes.rb
ActiveAdmin.routes(self)
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
can :read, ActiveAdmin::Page, :name => "Dashboard"
if user.has_role? :admin
can :manage, :all
elsif user.has_role? :moderator
can :manage, Part, :manual => { :company_id => user.company_id }
else
can :read, Part, :manual => { :company_id => user.company_id }
end
end
end
rescue_from CanCan::AccessDenied do |exception|
redirect_to root_url, :alert => exception.message
end
def authenticate_admin_user!
authenticate_user!
unless user_signed_in?
flash[:alert] = "You are not authorized to view this page"
redirect_to root_path
end
end
def current_admin_user #use predefined method name
return nil unless user_signed_in?
current_user
end
def after_sign_in_path_for(user)
if current_user.has_role? :admin
admin_dashboard_path
elsif current_user.has_role? :moderator
admin_manuals_path
else
company_path(user.company)
end
end
型号/能力.rb
ActiveAdmin.routes(self)
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
can :read, ActiveAdmin::Page, :name => "Dashboard"
if user.has_role? :admin
can :manage, :all
elsif user.has_role? :moderator
can :manage, Part, :manual => { :company_id => user.company_id }
else
can :read, Part, :manual => { :company_id => user.company_id }
end
end
end
rescue_from CanCan::AccessDenied do |exception|
redirect_to root_url, :alert => exception.message
end
def authenticate_admin_user!
authenticate_user!
unless user_signed_in?
flash[:alert] = "You are not authorized to view this page"
redirect_to root_path
end
end
def current_admin_user #use predefined method name
return nil unless user_signed_in?
current_user
end
def after_sign_in_path_for(user)
if current_user.has_role? :admin
admin_dashboard_path
elsif current_user.has_role? :moderator
admin_manuals_path
else
company_path(user.company)
end
end
我还覆盖了controllers/application\u controller.rb中的默认授权方法
ActiveAdmin.routes(self)
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
can :read, ActiveAdmin::Page, :name => "Dashboard"
if user.has_role? :admin
can :manage, :all
elsif user.has_role? :moderator
can :manage, Part, :manual => { :company_id => user.company_id }
else
can :read, Part, :manual => { :company_id => user.company_id }
end
end
end
rescue_from CanCan::AccessDenied do |exception|
redirect_to root_url, :alert => exception.message
end
def authenticate_admin_user!
authenticate_user!
unless user_signed_in?
flash[:alert] = "You are not authorized to view this page"
redirect_to root_path
end
end
def current_admin_user #use predefined method name
return nil unless user_signed_in?
current_user
end
def after_sign_in_path_for(user)
if current_user.has_role? :admin
admin_dashboard_path
elsif current_user.has_role? :moderator
admin_manuals_path
else
company_path(user.company)
end
end
您是否已将方法
load_和\u authorize_resource
添加到控制器中
像这样:
class SomeController < ApplicationController
load_and_authorize_resource
...
end
class SomeController
在
app/admin/parts.rb
中添加controller.load\u和\u authorize\u资源
或controller.authorize\u资源
为我提供了一个受保护的授权方法代码>错误。嘿,你发现了吗?我正处于获得受保护方法授权的位置代码>错误。我没有。我最终得到了如此多的深度嵌套的路由,以至于仅仅构建自己的管理变得更加容易。