如何使用康康舞授权资源的阵列? [英] How do I use cancan to authorize an array of resources?
问题描述
我有我尝试使用康康舞授权非宁静控制器!方法应用权限。
I have a non-restful controller that I am trying to use the cancan authorize! method to apply permissions to.
我有开始像这样一个delete_multiple动作
I have a delete_multiple action that starts like so
def delete_multiple
@invoices = apparent_user.invoices.find(params[:invoice_ids])
我要检查用户有权继续之前删除所有这些发票。如果我用
I want to check that the user has permission to delete all of these invoices before proceeding. If I use
authorize! :delete_multiple, @invoices
许可被拒绝。我ability.rb包括以下
permission is refused. My ability.rb includes the following
if user.admin?
can :manage, :all
elsif user.approved_user?
can [:read, :update, :destroy, :delete_multiple], Invoice, :user_id => user.id
end
它是通过我的数组循环,并要求单独授权或有做事情的聪明的方法的问题?我开始觉得自己像做授权,会更容易比手动使用康康舞为一个复杂的非宁静控制器(虽然我有很多其他的宁静控制器在我的应用程序,其中它的伟大工程)。
Is it a matter of looping through my array and calling authorize individually or is there a smarter way of doing things? I'm starting to feel like doing authorizations would be easier manually than by using cancan for a complicated non-restful controller (although I have plenty of other restful controllers in my app where it works great).
推荐答案
一个小这里晚,但你可以在你的能力类写这个
A little late in here but you can write this in your ability class
can :delete_multiple, Array do |arr|
arr.inject(true){|r, el| r && can?(:delete, el)}
end
修改
这也可以写成:
can :delete_multiple, Array do |arr|
arr.all? { |el| can?(:delete, el) }
end
这篇关于如何使用康康舞授权资源的阵列?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!