How do I set up permissions for the cancan gem?

Please help me solve this problem. I am trying to set up permissions after installing the 'cancan' and 'cancancan' gems.
schema.rb:

    create_table "roles", force: :cascade do |t|
      t.string "name"
    end

    create_table "roles_users", id: false, force: :cascade do |t|
      t.integer "role_id"
      t.integer "user_id"
    end

    create_table "users", force: :cascade do |t|
      t.string "email", default: "", null: false
      ................................................................
      t.datetime "created_at"
      t.datetime "updated_at"
    end
Models:

    class User < ActiveRecord::Base
      has_and_belongs_to_many :roles

      # Looks up a role by name; the value is camelized before the lookup
      def role?(role)
        !!self.roles.find_by_name(role.to_s.camelize)
      end
    end

    class Role < ActiveRecord::Base
      has_and_belongs_to_many :users
    end
app/models/ability.rb:

    class Ability
      include CanCan::Ability

      def initialize(user)
        user ||= User.new # guest user (not logged in)
        if user.role? :admin
          can :manage, :all
        elsif user.role? :manager
          can :manage, :review
          cannot :manage, :user
        elsif user.role? :user
          cannot :manage, :all
        end
      end
    end
I populated my roles table with the following values:

    id  name
    0   user
    1   manager
    2   admin

I populated my join table 'roles_users' with the following values:

    role_id  user_id
    2        2
    1        3
    0        1
But after running the application, the permissions have no effect. The problem is that the admin can change every user's information. That is not right. Please help me fix it.

PS: my user controller:

    class UserController < ApplicationController
      load_and_authorize_resource
    end
After the admin changes a user's information through the admin panel, the console output is as follows:
Started GET "/admin/users/1" for 127.0.0.1 at 2015-09-19 20:53:47 +0300
Processing by Admin::UsersController#show as HTML
Parameters: {"id"=>"1"}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT 1 [["id", 3]]
(0.1ms) SELECT COUNT(*) FROM "active_admin_comments" WHERE "active_admin_comments"."resource_type" = ? AND "active_admin_comments"."resource_id" = ? AND "active_admin_comments"."namespace" = ? [["resource_type", "User"], ["resource_id", "1"], ["namespace", "admin"]]
CACHE (0.0ms) SELECT COUNT(*) FROM "active_admin_comments" WHERE "active_admin_comments"."resource_type" = ? AND "active_admin_comments"."resource_id" = ? AND "active_admin_comments"."namespace" = ? [["resource_type", "User"], ["resource_id", "1"], ["namespace", "admin"]]
Rendered /home/kalinin/.rvm/gems/ruby-2.0.0-p598/bundler/gems/activeadmin-893b46c6530c/app/views/active_admin/resource/show.html.arb (316.7ms)
Completed 200 OK in 321ms (Views: 318.9ms | ActiveRecord: 0.3ms)
You don't need to call .camelize in the role? method, because all the roles in your db are lowercase (manager) rather than camel case (ManagerOfTheApplication).

Your Admin::UsersController seems to live in active_admin. Try enabling the active_admin and can_can integration:

    config.authorization_adapter = ActiveAdmin::CanCanAdapter

See the link above for details.
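The following is an added example, not code from the question or the answer. It is a dependency-free model (plain Ruby Structs in place of ActiveRecord, CanCan and ActiveAdmin) of the two points the answer makes: a camelized role lookup ("Admin") never matches the lowercase names stored in the roles table, so every user falls through the Ability class with no rules; and an ActiveAdmin panel that is not wired to CanCan never consults the Ability class at all. The User and Role names, the role? logic and the rule set mirror the question; the camelize stand-in, app_can?, admin_panel_can?, find_user and the sample e-mail addresses are assumptions made for illustration.

```ruby
# Added example, not code from the question or the answer. Plain Ruby stand-ins
# for ActiveRecord, CanCan and ActiveAdmin so it runs offline.

Role = Struct.new(:id, :name)
User = Struct.new(:id, :email, :roles)

# Constructed data matching the tables in the question (role names lowercase).
ROLES = [Role.new(0, "user"), Role.new(1, "manager"), Role.new(2, "admin")]
ROLE_BY_ID = ROLES.map { |r| [r.id, r] }.to_h
ROLES_USERS = { 2 => 2, 3 => 1, 1 => 0 } # user_id => role_id, as in roles_users
USERS = ROLES_USERS.map do |uid, rid|
  User.new(uid, "user#{uid}@example.test", [ROLE_BY_ID[rid]]) # e-mails assumed
end

def find_user(id)
  USERS.find { |u| u.id == id }
end

# Stand-in for ActiveSupport's String#camelize: "admin" -> "Admin".
def camelize(str)
  str.to_s.split("_").map(&:capitalize).join
end

# The question's lookup: find_by_name with a camelized value and an exact
# match, so "Admin" is compared against the stored "admin" and never matches.
def role_original?(user, role)
  !!user.roles.find { |r| r.name == camelize(role) }
end

# Fixed lookup (the answer's advice): compare the stored lowercase name with
# the symbol as given, no camelize.
def role_fixed?(user, role)
  user.roles.any? { |r| r.name == role.to_s }
end

# Deny-by-default resolution of the rules in the question's Ability class.
# role_check is the role? implementation to use; the last matching rule wins,
# which is how CanCan orders can/cannot rules.
def app_can?(user, action, subject, role_check)
  rules = [] # [allowed, action, subject]
  if role_check.call(user, :admin)
    rules << [true, :manage, :all]
  elsif role_check.call(user, :manager)
    rules << [true, :manage, :review]
    rules << [false, :manage, :user]
  elsif role_check.call(user, :user)
    rules << [false, :manage, :all]
  end
  matching = rules.select do |_, a, s|
    (a == :manage || a == action) && (s == :all || s == subject)
  end
  return false if matching.empty?
  matching.last[0]
end

# ActiveAdmin's default authorization adapter allows every action; only with
# config.authorization_adapter = ActiveAdmin::CanCanAdapter does the panel
# consult the Ability rules. Modelled here as a flag.
def admin_panel_can?(user, action, subject, cancan_adapter_enabled:)
  return true unless cancan_adapter_enabled
  app_can?(user, action, subject, method(:role_fixed?))
end

if __FILE__ == $PROGRAM_NAME
  admin   = find_user(2)
  manager = find_user(3)
  guest   = User.new(nil, nil, []) # not logged in
  puts "camelized lookup finds admin role: #{role_original?(admin, :admin)}"
  puts "fixed lookup finds admin role:     #{role_fixed?(admin, :admin)}"
  puts "admin may update users (camelize): #{app_can?(admin, :update, :user, method(:role_original?))}"
  puts "manager may update users via app:  #{app_can?(manager, :update, :user, method(:role_fixed?))}"
  puts "guest may read reviews via app:    #{app_can?(guest, :read, :review, method(:role_fixed?))}"
  puts "manager via panel, no adapter:     #{admin_panel_can?(manager, :update, :user, cancan_adapter_enabled: false)}"
  puts "manager via panel, CanCan adapter: #{admin_panel_can?(manager, :update, :user, cancan_adapter_enabled: true)}"
end
```

Run it with `ruby` to see that with the camelized lookup even user 2 (role admin) gets no rules, while the manager can still change users through the panel as long as the default adapter is in place. In a real app the switch is the `config.authorization_adapter = ActiveAdmin::CanCanAdapter` line from the answer, placed in the initializer ActiveAdmin generates (config/initializers/active_admin.rb). The case-sensitivity assumption holds for SQLite (which the log in the question shows) and PostgreSQL; MySQL's default collations compare case-insensitively, so the same bug can stay hidden there.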