如何设置 cancan gem 的权限?

how set the permissions for cancan gem?

请帮忙解决问题。我尝试在安装 'cancan' 和 'cancancan' gems 后设置权限。

schema.rb:

create_table "roles", force: :cascade do |t|
  t.string   "name"
end

create_table "roles_users", id: false, force: :cascade do |t|
  t.integer "role_id"
  t.integer "user_id"
end

create_table "users", force: :cascade do |t|
  t.string   "email",                  default: "", null: false
  ................................................................
  t.datetime "created_at"
  t.datetime "updated_at"
end

型号:

class User < ActiveRecord::Base
  has_and_belongs_to_many :roles

  def role?(role)
    return !!self.roles.find_by_name(role.to_s.camelize)
  end     
end

class Role < ActiveRecord::Base
  has_and_belongs_to_many :users
end

app/models/ability.rb:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)

    if user.role? :admin
      can :manage, :all
    elsif user.role? :manager
      can :manage, :review
      cannot :manage, :user
    elsif user.role? :user
      cannot :manage, :all
    end   
  end
end

我担任了我的角色table遵循价值观:

id    name  
0     user
1     manager
2     admin

我填写了我的加入 table 'roles_users' 遵循值:

role_id       user_id
2             2
1             3
0             1

但是在运行之后申请权限就没有效果了。问题是管理员可以更改所有用户的信息。这是不对的。请帮助修复它

ps:

my user controller:
class UserController < ApplicationController
  load_and_authorize_resource
end

管理员通过管理面板更改用户信息后,控制台输出如下:

Started GET "/admin/users/1" for 127.0.0.1 at 2015-09-19 20:53:47 +0300
Processing by Admin::UsersController#show as HTML
  Parameters: {"id"=>"1"}
  User Load (0.1ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 1]]
  User Load (0.1ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["id", 3]]
   (0.1ms)  SELECT COUNT(*) FROM "active_admin_comments" WHERE "active_admin_comments"."resource_type" = ? AND "active_admin_comments"."resource_id" = ? AND "active_admin_comments"."namespace" = ?  [["resource_type", "User"], ["resource_id", "1"], ["namespace", "admin"]]
  CACHE (0.0ms)  SELECT COUNT(*) FROM "active_admin_comments" WHERE "active_admin_comments"."resource_type" = ? AND "active_admin_comments"."resource_id" = ? AND "active_admin_comments"."namespace" = ?  [["resource_type", "User"], ["resource_id", "1"], ["namespace", "admin"]]
  Rendered /home/kalinin/.rvm/gems/ruby-2.0.0-p598/bundler/gems/activeadmin-893b46c6530c/app/views/active_admin/resource/show.html.arb (316.7ms)
Completed 200 OK in 321ms (Views: 318.9ms | ActiveRecord: 0.3ms)

您不需要在 role? 方法中调用 .camelize,因为您在 db 中的所有角色都以小写形式 (manager) 而不是驼峰式 ( ManagerOfTheApplication).

您的 Admin::UsersController 似乎位于 active_admin。尝试启用 active_admin and can_can integration:

config.authorization_adapter = ActiveAdmin::CanCanAdapter

查看上面的 link 详细信息。