Rails 4-Pundit-如何编写if语句来检查用户权限 [英] Rails 4 - pundit - how to write if statement to check user permissions

问题描述

我正在尝试学习如何在我的Rails 4应用程序中使用pundit.

I'm trying to learn how to use pundit with my Rails 4 app.

我有潜在的使用政策.潜在用途表具有一个称为:user_id的属性.

I have a potential use policy. The potential use table has an attribute called :user_id.

我希望允许用户创建实例时更新它们.我试图弄清楚如何使更新操作生效.

I want users to be permitted to update instances if they created them. I'm trying to figure out how to get the update action to work.

我当前的尝试如下所示.

My current attempts are shown below.

class PotentialUsePolicy < ApplicationPolicy

    attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end


    def index?
        true if user.is_admin?
    end

    def show?
        true

    end

    def new?
      true
  end

    def create?
        new?
    end

    def update?
        if @user.id == @potential_use.user_id

        # if user.id == potential_use.user_id
            true
        else
            false
        end
    end

    def destroy?
        update?
    end

    def edit?
                true
    end

    def potential_use
        record
    end 

end

尝试这些方法时，我不断收到错误消息:

When I try these, I keep getting errors saying:

undefined method `user_id' for nil:NilClass

我不明白为什么收到此消息.在控制台中查看时，会看到一个包含用户ID的条目.

I don't understand why I get this message. When I look in the console, I can see an entry which has a user id.

p = PotentialUse.where(project_id: 26)
  PotentialUse Load (0.5ms)  SELECT "potential_uses".* FROM "potential_uses" WHERE "potential_uses"."project_id" = $1  [["project_id", 26]]
 => #<ActiveRecord::Relation [#<PotentialUse id: 9, comment: "adsfsfdadfasdddxxddbbdd", project_id: 26, created_at: "2016-08-18 23:16:06", updated_at: "2016-08-24 01:06:00", user_id: 1, private_comment: false>]> 
2.3.0p0 :016 > 

当我在视图中查看时(不尝试使用pundit策略，该页面将呈现所有正确的内容，包括用户名(由user_id访问).

When I look in the view (without trying to use the pundit policy, the page renders with all the right content, including the user name (which is accessed by the user_id).

我的潜在使用控制器中的更新操作具有:

The update action in my potential use controller has:

def update
    authorize @potential_use
    respond_to do |format|
      if @potential_use.update(potential_use_params)
        format.html { redirect_to @project, notice: 'Potential use was successfully updated.' }
        format.json { render :show, status: :ok, location: @potential_use }
      else
        format.html { render @project }
        format.json { render json: @potential_use.errors, status: :unprocessable_entity }
      end
    end
  end

有人能看到我做错了吗?

Can anyone see what I've done wrong?

推荐答案

要从视图中检查用户是否有权对策略执行操作:

To check if a user has permission to perform an action on a policy from a view:

<% if policy(@post).update? %>
  <%= link_to "Edit post", edit_post_path(@post) %>
<% end %>

这篇关于Rails 4-Pundit-如何编写if语句来检查用户权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！