CanCanCan 中没有用户 ability.rb
Nil user in CanCanCan ability.rb
正在尝试从 React 组件获取异步请求。但是,由于权限无效,它总是失败。
示例工作请求:
Started GET "/" for 127.0.0.1 at 2017-10-04 16:32:00 -0400
Processing by EventsController#index as HTML
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 1], ["LIMIT", 1]]
Rendering events/index.html.erb within layouts/application
异步请求失败示例:
Started GET "/events/search?ne_lat=37.82915414554321&ne_lng=-122.13221051635742&sw_lat=37.72060601151162&sw_lng=-122.70658948364257" for 127.0.0.1 at 2017-10-04 16:32:07 -0400
Processing by EventsController#search as */*
Parameters: {"ne_lat"=>"37.82915414554321", "ne_lng"=>"-122.13221051635742", "sw_lat"=>"37.72060601151162", "sw_lng"=>"-122.70658948364257"}
... #NOTE: printing 'user' from byebug in ability.rb shows it as nil
CanCan::AccessDenied (You are not authorized to access this page.):
请注意,失败的请求不会 select/load 来自数据库查询的用户。任何想法可能出了什么问题? Ability.rb权限允许该请求,但异步调用时用户填写不正确
此请求之前使用 jQuery 工作,但我已经使用 fetch.
重写了它
这是控制器
class EventsController < ApplicationController
before_action :set_event, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource
def index
@events = Event.all
end
...
def search
local_events = Event.includes(:address).references(:address)
.where("latitude >= ? AND latitude <= ? AND longitude >= ? AND longitude <= ?",
params[:sw_lat], params[:ne_lat], params[:sw_lng], params[:ne_lng]
)
.limit(50)
render json: local_events, only: [:id,:name,:description,:start], include: { address: { only: [:latitude,:longitude,:street_address] }}
end
end
还有 ability.rb
class Ability
include CanCan::Ability
def initialize(user)
can :read, :all
byebug
return if user == nil #user must be logged in after this point
#events
can [:search], Event
...
end
end
异步请求没有从数据库中查询用户,因为会话中没有用户ID。会话中没有用户 ID,因为 Fetch API 的 fetch 默认不包含 cookie。
为了发送带有获取请求的 cookie,请将 credentials 选项设置为 "same-origin" 或 "include":
fetch(url, {
credentials: 'include' // or 'same-origin' (see the link below)
})
正在尝试从 React 组件获取异步请求。但是,由于权限无效,它总是失败。
示例工作请求:
Started GET "/" for 127.0.0.1 at 2017-10-04 16:32:00 -0400
Processing by EventsController#index as HTML
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 1], ["LIMIT", 1]]
Rendering events/index.html.erb within layouts/application
异步请求失败示例:
Started GET "/events/search?ne_lat=37.82915414554321&ne_lng=-122.13221051635742&sw_lat=37.72060601151162&sw_lng=-122.70658948364257" for 127.0.0.1 at 2017-10-04 16:32:07 -0400
Processing by EventsController#search as */*
Parameters: {"ne_lat"=>"37.82915414554321", "ne_lng"=>"-122.13221051635742", "sw_lat"=>"37.72060601151162", "sw_lng"=>"-122.70658948364257"}
... #NOTE: printing 'user' from byebug in ability.rb shows it as nil
CanCan::AccessDenied (You are not authorized to access this page.):
请注意,失败的请求不会 select/load 来自数据库查询的用户。任何想法可能出了什么问题? Ability.rb权限允许该请求,但异步调用时用户填写不正确
此请求之前使用 jQuery 工作,但我已经使用 fetch.
重写了它这是控制器
class EventsController < ApplicationController
before_action :set_event, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource
def index
@events = Event.all
end
...
def search
local_events = Event.includes(:address).references(:address)
.where("latitude >= ? AND latitude <= ? AND longitude >= ? AND longitude <= ?",
params[:sw_lat], params[:ne_lat], params[:sw_lng], params[:ne_lng]
)
.limit(50)
render json: local_events, only: [:id,:name,:description,:start], include: { address: { only: [:latitude,:longitude,:street_address] }}
end
end
还有 ability.rb
class Ability
include CanCan::Ability
def initialize(user)
can :read, :all
byebug
return if user == nil #user must be logged in after this point
#events
can [:search], Event
...
end
end
异步请求没有从数据库中查询用户,因为会话中没有用户ID。会话中没有用户 ID,因为 Fetch API 的 fetch 默认不包含 cookie。
为了发送带有获取请求的 cookie,请将 credentials 选项设置为 "same-origin" 或 "include":
fetch(url, {
credentials: 'include' // or 'same-origin' (see the link below)
})