Rails 4-Pundit-如何编写if语句来检查用户权限 [英] Rails 4 - pundit - how to write if statement to check user permissions
问题描述
我正在尝试学习如何在我的Rails 4应用程序中使用pundit.
I'm trying to learn how to use pundit with my Rails 4 app.
我有潜在的使用政策.潜在用途表具有一个称为:user_id的属性.
I have a potential use policy. The potential use table has an attribute called :user_id.
我希望允许用户创建实例时更新它们.我试图弄清楚如何使更新操作生效.
I want users to be permitted to update instances if they created them. I'm trying to figure out how to get the update action to work.
我当前的尝试如下所示.
My current attempts are shown below.
class PotentialUsePolicy < ApplicationPolicy
attr_reader :user, :record
def initialize(user, record)
@user = user
@record = record
end
def index?
true if user.is_admin?
end
def show?
true
end
def new?
true
end
def create?
new?
end
def update?
if @user.id == @potential_use.user_id
# if user.id == potential_use.user_id
true
else
false
end
end
def destroy?
update?
end
def edit?
true
end
def potential_use
record
end
end
尝试这些方法时,我不断收到错误消息:
When I try these, I keep getting errors saying:
undefined method `user_id' for nil:NilClass
我不明白为什么收到此消息.在控制台中查看时,会看到一个包含用户ID的条目.
I don't understand why I get this message. When I look in the console, I can see an entry which has a user id.
p = PotentialUse.where(project_id: 26)
PotentialUse Load (0.5ms) SELECT "potential_uses".* FROM "potential_uses" WHERE "potential_uses"."project_id" = $1 [["project_id", 26]]
=> #<ActiveRecord::Relation [#<PotentialUse id: 9, comment: "adsfsfdadfasdddxxddbbdd", project_id: 26, created_at: "2016-08-18 23:16:06", updated_at: "2016-08-24 01:06:00", user_id: 1, private_comment: false>]>
2.3.0p0 :016 >
当我在视图中查看时(不尝试使用pundit策略,该页面将呈现所有正确的内容,包括用户名(由user_id访问).
When I look in the view (without trying to use the pundit policy, the page renders with all the right content, including the user name (which is accessed by the user_id).
我的潜在使用控制器中的更新操作具有:
The update action in my potential use controller has:
def update
authorize @potential_use
respond_to do |format|
if @potential_use.update(potential_use_params)
format.html { redirect_to @project, notice: 'Potential use was successfully updated.' }
format.json { render :show, status: :ok, location: @potential_use }
else
format.html { render @project }
format.json { render json: @potential_use.errors, status: :unprocessable_entity }
end
end
end
有人能看到我做错了吗?
Can anyone see what I've done wrong?
推荐答案
要从视图中检查用户是否有权对策略执行操作:
To check if a user has permission to perform an action on a policy from a view:
<% if policy(@post).update? %>
<%= link_to "Edit post", edit_post_path(@post) %>
<% end %>
这篇关于Rails 4-Pundit-如何编写if语句来检查用户权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!