Ruby on Rails controller copy does not authorize user
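Disclaimer: I am new to Ruby.
I copied this controller, named it timelog_estimates_controller.rb, changed the class name to TimelogEstimatesController, and created different routes, but the page shows "403 forbidden".
When I use the original TimelogController, it works fine.
I think I am missing something.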

Redmine uses declarative permissions. When you create a new controller, it and its actions are missing from the permission definitions and are therefore not accessible.
To fix this, you need to include the relevant actions of your new controller in the permission definitions. This is the location in lib/redmine.rb that you will probably need to modify. Copied here for clarity:
    map.project_module :time_tracking do |map|
      map.permission :log_time, {:timelog => [:new, :create]}, :require => :loggedin
      map.permission :view_time_entries, {:timelog => [:index, :report, :show]}, :read => true
      map.permission :edit_time_entries, {:timelog => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member
      map.permission :edit_own_time_entries, {:timelog => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :loggedin
      map.permission :manage_project_activities, {:project_enumerations => [:update, :destroy]}, :require => :member
    end
You should add something like this inside that block:
    map.permission :view_time_estimates, {:timelog_estimates => [:index, :report, :show]}, :read => true
    map.permission :edit_time_estimates, {:timelog_estimates => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member
    map.permission :edit_own_time_estimates, {:timelog_estimates => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :loggedin
Authorization works through this call in the controller:
    before_filter :authorize_global, :only => [:new, :create, :index, :report]
If you follow the authorize_global implementation, you will find this:
    # Authorize the user for the requested action
    def authorize(ctrl = params[:controller], action = params[:action], global = false)
      allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
      if allowed
        true
      else
        if @project && @project.archived?
          render_403 :message => :notice_not_authorized_archived_project
        else
          deny_access
        end
      end
    end
The render_403 line is the reason you are getting the error.
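
The default-deny behaviour described in the answer above, as an added example that is not part of the original post and not Redmine's own code. It is a simplified model of the permission map; PermissionMap, time_tracking_map, uncovered and the role grant list are hypothetical names constructed for illustration.

```ruby
# Simplified model of a declarative permission map (constructed for illustration;
# PermissionMap and its methods are hypothetical, not Redmine's implementation).
class PermissionMap
  def initialize
    @by_action = {} # "controller/action" => [permission names]
  end

  # Same argument shape as the map.permission lines quoted above.
  def permission(name, actions, _options = {})
    actions.each do |ctrl, acts|
      acts.each { |a| (@by_action["#{ctrl}/#{a}"] ||= []) << name }
    end
  end

  # Default deny: an action that no permission lists is refused for everyone.
  def allowed?(granted, ctrl, action)
    (@by_action.fetch("#{ctrl}/#{action}", []) & granted).any?
  end

  # Audit helper: which of a controller's actions does no permission mention?
  def uncovered(ctrl, actions)
    actions.reject { |a| @by_action.key?("#{ctrl}/#{a}") }
  end
end

def time_tracking_map(register_copy)
  map = PermissionMap.new
  map.permission :log_time, {:timelog => [:new, :create]}, :require => :loggedin
  map.permission :view_time_entries, {:timelog => [:index, :report, :show]}, :read => true
  if register_copy # the lines the answer suggests adding
    map.permission :view_time_estimates, {:timelog_estimates => [:index, :report, :show]}, :read => true
    map.permission :edit_time_estimates, {:timelog_estimates => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member
    map.permission :edit_own_time_estimates, {:timelog_estimates => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :loggedin
  end
  map
end

ROLE_GRANTS = [:log_time, :view_time_entries]  # constructed role grant list
FILTERED    = [:new, :create, :index, :report] # actions named in the before_filter

before = time_tracking_map(false)
after  = time_tracking_map(true)
puts before.allowed?(ROLE_GRANTS, :timelog, :index)
puts before.allowed?(ROLE_GRANTS, :timelog_estimates, :index)
puts after.allowed?(ROLE_GRANTS + [:view_time_estimates], :timelog_estimates, :index)
puts after.uncovered(:timelog_estimates, FILTERED).inspect
```

In this model the copied controller's :new and :create remain uncovered after the three suggested lines, because none of them lists those actions, and a role is only allowed through once it also holds the newly defined permission.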