Cancan nested_routes将访问权限限制为:index [英] Cancan nested_routes restrict acces to :index
问题描述
我在康康舞和嵌套路线方面遇到一些问题。
I have some problems with cancan and a nested routes.
我有以下路线:
resources :companies do
resources :projects
end
我对公司模型的功能没有问题,但是对于项目模型,如果他们不是公司的管理员,我想拒绝对Project#index的访问。
I have no problem with the abilities for Company model but for the Project model I want to deny the access to Project#index if they are not admin of the company.
下一个代码有效:
can :show, Company do |company|
if user.admins.include?(company) #check if the user is admin of the company
can :index, Schedule, :company_id => company.id
end
end
但是我该怎么做:
can? :index, Project
我尝试将方法重命名为:
I tried by renamed the method like that :
can :index_projects, Company do |company|
if user.admins.include?(company) #check if the user is admin of the company
can :index, Schedule, :company_id => company.id
end
end
并使用:
can? :index_projects, @company
但是它不起作用。
谢谢。
推荐答案
您需要在ProjectsController中使用以下内容:
you need to use something like this in your ProjectsController:
class ProjectsController < ApplicationController
def index
authorize! :index, Ability
@projects = Project.order(:created_at)
end
end
,当您尝试访问Projects#index时CanCan会根据用户的能力检查功能并拒绝或允许访问
and when you`ll try to access Projects#index CanCan will check abilities and deny or allow access according to user abilities
prooflink https://github.com/ryanb/cancan/issues/209#issuecomment-609043
prooflink https://github.com/ryanb/cancan/issues/209#issuecomment-609043
希望这就是您需要的=]
hope this is what you need =]
这篇关于Cancan nested_routes将访问权限限制为:index的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!