Cancan nested_routes将访问权限限制为：index [英] Cancan nested_routes restrict acces to :index

问题描述

我在康康舞和嵌套路线方面遇到一些问题。

I have some problems with cancan and a nested routes.

我有以下路线：

resources :companies do
   resources :projects
end

我对公司模型的功能没有问题，但是对于项目模型，如果他们不是公司的管理员，我想拒绝对Project＃index的访问。

I have no problem with the abilities for Company model but for the Project model I want to deny the access to Project#index if they are not admin of the company.

下一个代码有效：

can :show, Company do |company|
   if user.admins.include?(company) #check if the user is admin of the company
      can :index, Schedule, :company_id => company.id
   end
end 

但是我该怎么做：

can? :index, Project

我尝试将方法重命名为：

I tried by renamed the method like that :

can :index_projects, Company do |company|
   if user.admins.include?(company) #check if the user is admin of the company
      can :index, Schedule, :company_id => company.id
   end
end

并使用：

can? :index_projects, @company

但是它不起作用。

谢谢。

推荐答案

您需要在ProjectsController中使用以下内容：

you need to use something like this in your ProjectsController:

class ProjectsController < ApplicationController
  def index
    authorize! :index, Ability
    @projects = Project.order(:created_at)
  end
end

，当您尝试访问Projects＃index时CanCan会根据用户的能力检查功能并拒绝或允许访问

and when you`ll try to access Projects#index CanCan will check abilities and deny or allow access according to user abilities

prooflink https://github.com/ryanb/cancan/issues/209#issuecomment-609043

prooflink https://github.com/ryanb/cancan/issues/209#issuecomment-609043

希望这就是您需要的=]

hope this is what you need =]

这篇关于Cancan nested_routes将访问权限限制为：index的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！