如何使用康康舞授权资源的阵列？ [英] How do I use cancan to authorize an array of resources?

问题描述

我有我尝试使用康康舞授权非宁静控制器！方法应用权限。

I have a non-restful controller that I am trying to use the cancan authorize! method to apply permissions to.

我有开始像这样一个delete_multiple动作

I have a delete_multiple action that starts like so

def delete_multiple
    @invoices = apparent_user.invoices.find(params[:invoice_ids])

我要检查用户有权继续之前删除所有这些发票。如果我用

I want to check that the user has permission to delete all of these invoices before proceeding. If I use

authorize! :delete_multiple, @invoices

许可被拒绝。我ability.rb包括以下

permission is refused. My ability.rb includes the following

if user.admin?
  can :manage, :all
elsif user.approved_user?
  can [:read, :update, :destroy, :delete_multiple], Invoice, :user_id => user.id
end

它是通过我的数组循环，并要求单独授权或有做事情的聪明的方法的问题？我开始觉得自己像做授权，会更容易比手动使用康康舞为一个复杂的非宁静控制器（虽然我有很多其他的宁静控制器在我的应用程序，其中它的伟大工程）。

Is it a matter of looping through my array and calling authorize individually or is there a smarter way of doing things? I'm starting to feel like doing authorizations would be easier manually than by using cancan for a complicated non-restful controller (although I have plenty of other restful controllers in my app where it works great).

推荐答案

一个小这里晚，但你可以在你的能力类写这个

A little late in here but you can write this in your ability class

can :delete_multiple, Array do |arr|
  arr.inject(true){|r, el| r && can?(:delete, el)}
end

修改

这也可以写成：

can :delete_multiple, Array do |arr|
  arr.all? { |el| can?(:delete, el) }
end

这篇关于如何使用康康舞授权资源的阵列？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！