Ruby on rails 动态权限不适用于cancan中的单个模型
我使用CancanGem为管理员端的动态权限编写了代码 当我授予所有和读取/创建权限时。它将起作用,但当我授予modle_name和read/create权限时。它将显示访问被拒绝。当存在该权限时Ruby on rails 动态权限不适用于cancan中的单个模型,ruby-on-rails,permissions,authorization,cancan,Ruby On Rails,Permissions,Authorization,Cancan,我使用CancanGem为管理员端的动态权限编写了代码 当我授予所有和读取/创建权限时。它将起作用,但当我授予modle_name和read/create权限时。它将显示访问被拒绝。当存在该权限时 class ApplicationController < ActionController::Base protect_from_forgery rescue_from CanCan::AccessDenied do |exception| logger.info("<
class ApplicationController < ActionController::Base
protect_from_forgery
rescue_from CanCan::AccessDenied do |exception|
logger.info("<.............#{exception.inspect}...........>")
flash[:alert] = "Access denied. You are not authorized to access the requested page."
redirect_to user_root_path
end
protected
#derive the model name from the controller. egs UsersController will return User
def self.permission
return name = self.name.gsub('Controller','').singularize.split('::').last.constantize.name rescue nil
end
def current_ability
@current_ability ||= Ability.new(current_user)
end
#load the permissions for the current user so that UI can be manipulated
def load_permissions
@current_permissions = current_user.roles.each do|role|
end
end
end
class Ability
include CanCan::Ability
def initialize(user)
user.roles.each do|role|
role.permissions.each do |permission|
if permission.subject_class == "all"
can permission.action.to_sym, permission.subject_class.to_sym
else
can permission.action.to_sym, permission.subject_class.constantize
end
end
end
end
end
is将以控制台形式向我显示错误
<....CanCan......:public_doc...........>
<....CanCan......:new...........>
<....CanCan......#<CanCan::AccessDenied: You are not authorized to access this page.>...........>
我做了一些这样的代码
请帮我解决这个问题。
谢谢。我将我的能力课程编辑为:
class Ability
include CanCan::Ability
def initialize(user)
user.roles.each do|role|
role.permissions.each do |permission|
if permission.subject_class == "all"
can permission.action.to_sym, permission.subject_class.to_sym
else
can permission.action.to_sym, permission.subject_class.to_sym
end
end
end
end
end
并在权限中传递值,如下所示
permission.subject_class = public_doc
permission.action = create
这是为我工作。
:)
permission.subject_class = public_doc
permission.action = create