索引列出所有内容,cancancan 不过滤
The index is listing everything, cancancan is not filtering
我有这个列出所有 pops 的视图,只是它取决于用户,它不应该显示所有内容,所以我使用 cancancan 来过滤,但它不再起作用了。
我的观点(pops/index.html.erb):
<% if @pops.present? %>
<table class="table table-striped">
<thead>
<tr>
<th scope="col">Titulo</th>
<th colspan="4"></th>
</tr>
</thead>
<% @pops.each do |pop| %>
<tbody>
<tr>
<% if can? :index, Pop %>
<td scope="row"><%= pop.title %></td>
<% end %>
<% if can? :show, Pop %>
<td><%= link_to 'Mostrar', pop %></td>
<% end %>
<% if can? :edit, Pop %>
<td><%= link_to 'Editar', edit_pop_path(pop) %></td>
<% end %>
<% if can? :delete, Pop %>
<td><%= link_to 'Excluir', pop, method: :delete %></td>
<% end %>
<% if can? :index_pdf, Pop %>
<td><%= link_to 'Exportar', index_pdf_path(pop) %></td>
<% end %>
</tr>
</tbody>
<% end %>
</table>
<% end %>
我的模型
class Pop < ApplicationRecord
enum charge: {
Auxiliar: 1,
Analista: 2,
Coordenador: 3,
Supervisor: 4,
Gerente: 5,
Diretor: 6
}
enum status: {
active: 0,
inactive: 1
}
has_many :pop_groups
has_many :groups, :through => :pop_groups, :dependent => :destroy
end
我的能力
class Ability
include CanCan::Ability
def initialize(user)
if user
if user.kind == 'user'
if user.charge == 'Auxiliar'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
end
if user.charge == 'Analista'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Analista', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
end
if user.charge == 'Coordenador'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Analista', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Coordenador'
end
if user.charge == 'Supervisor'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Analista', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Coordenador', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Supervisor', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
end
if user.charge == 'Gerente'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Analista', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Coordenador', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Supervisor', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Gerente', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
end
if user.charge == 'Diretor'
can :index_pdf, Pop, status: 'active'
can :read, Pop, status: 'active'
end
end
end
end
end
我尝试了很多方法,但我无法让他接受用户看不到的东西。有人有什么想法吗?
好的,我成功了。这是代码。
<% @pops.each do |pop| %>
<tbody>
<% if can? :show, pop %>
<tr>
<td><%= pop.title if can? :show, pop %></td>
<td><%= link_to 'Visualizar', pop if can? :show, pop %></td>
<td><%= link_to 'Editar', edit_pop_path(pop) if can? :edit, pop %></td>
<td><%= link_to 'Excluir', pop, method: :delete if can? :delete, pop %></td>
<td><%= link_to 'Exportar', index_pdf_path(pop) if can? :index_pdf, pop %></td>
</tr>
<% end %>
<%end%>
第一个'if'是'each'不创建空行。其他都是测试用户是否有权限。
我有这个列出所有 pops 的视图,只是它取决于用户,它不应该显示所有内容,所以我使用 cancancan 来过滤,但它不再起作用了。
我的观点(pops/index.html.erb):
<% if @pops.present? %>
<table class="table table-striped">
<thead>
<tr>
<th scope="col">Titulo</th>
<th colspan="4"></th>
</tr>
</thead>
<% @pops.each do |pop| %>
<tbody>
<tr>
<% if can? :index, Pop %>
<td scope="row"><%= pop.title %></td>
<% end %>
<% if can? :show, Pop %>
<td><%= link_to 'Mostrar', pop %></td>
<% end %>
<% if can? :edit, Pop %>
<td><%= link_to 'Editar', edit_pop_path(pop) %></td>
<% end %>
<% if can? :delete, Pop %>
<td><%= link_to 'Excluir', pop, method: :delete %></td>
<% end %>
<% if can? :index_pdf, Pop %>
<td><%= link_to 'Exportar', index_pdf_path(pop) %></td>
<% end %>
</tr>
</tbody>
<% end %>
</table>
<% end %>
我的模型
class Pop < ApplicationRecord
enum charge: {
Auxiliar: 1,
Analista: 2,
Coordenador: 3,
Supervisor: 4,
Gerente: 5,
Diretor: 6
}
enum status: {
active: 0,
inactive: 1
}
has_many :pop_groups
has_many :groups, :through => :pop_groups, :dependent => :destroy
end
我的能力
class Ability
include CanCan::Ability
def initialize(user)
if user
if user.kind == 'user'
if user.charge == 'Auxiliar'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
end
if user.charge == 'Analista'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Analista', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
end
if user.charge == 'Coordenador'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Analista', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Coordenador'
end
if user.charge == 'Supervisor'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Analista', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Coordenador', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Supervisor', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
end
if user.charge == 'Gerente'
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Auxiliar', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Analista', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Coordenador', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Supervisor', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
can [:index_pdf, :show, :read, :view, :index], Pop, status: 'active', charge: 'Gerente', id: PopGroup.where(group_id: user.group_ids).pluck(:pop_id).uniq
end
if user.charge == 'Diretor'
can :index_pdf, Pop, status: 'active'
can :read, Pop, status: 'active'
end
end
end
end
end
我尝试了很多方法,但我无法让他接受用户看不到的东西。有人有什么想法吗?
好的,我成功了。这是代码。
<% @pops.each do |pop| %>
<tbody>
<% if can? :show, pop %>
<tr>
<td><%= pop.title if can? :show, pop %></td>
<td><%= link_to 'Visualizar', pop if can? :show, pop %></td>
<td><%= link_to 'Editar', edit_pop_path(pop) if can? :edit, pop %></td>
<td><%= link_to 'Excluir', pop, method: :delete if can? :delete, pop %></td>
<td><%= link_to 'Exportar', index_pdf_path(pop) if can? :index_pdf, pop %></td>
</tr>
<% end %>
<%end%>
第一个'if'是'each'不创建空行。其他都是测试用户是否有权限。