CanCan：限制用户根据其角色设置某些模型属性的能力 [英] CanCan: limiting a user's ability to set certain model attributes based on their role

问题描述

我有一个 Post 模型，该模型具有：已发布的属性（ boolean ）和 User 模型，该模型具有 role 属性（ string ）。有三个角色： ROLES =％w [管理发布者作者]

I have a Post model with a :published attribute (boolean) and a User model with a role attribute (string). There are three roles: ROLES = %w[admin publisher author]

我不希望用户扮演其角色是作者的人，可以设置，或编辑，即Post模型上的：已发布字段。

I don't want users whose role is author to be capable of setting, or editing, the :published field on the Post model.

我正在使用CanCan（和RailsAdmin gem），简化后的Ability.rb文件如下所示：

I'm using CanCan (and RailsAdmin gem) and my simplified Ability.rb file looks like this:

class Ability
  include CanCan::Ability
  def initialize(user)
    user ||= User.new

    if user.role? :admin
      can :manage, :all
    elsif user.role? :publisher
      can :manage, Post
    elsif user.role? :author
      # I want to prevent these guys from setting the :published attribute
    end

  end
end

有人知道做这种事情的任何提示吗？

Anyone got any tips for doing this sort of thing?

推荐答案

到目前为止，这是不可能的。但是根据此内容： https://github.com/ryanb/cancan/issues/326此功能应该在cancan 2.0中。

So far it is not possible. But according to this: https://github.com/ryanb/cancan/issues/326 this feature should be in cancan 2.0.

更新：您可以在CanCan 2.0分支上看到此功能： https://github.com/ryanb/cancan/tree/2.0 在资源属性部分

Update: you can see this on CanCan 2.0 branch here: https://github.com/ryanb/cancan/tree/2.0 in section "Resource Attributes"

这篇关于CanCan：限制用户根据其角色设置某些模型属性的能力的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！