使用active_model_serializers序列化权限（例如CanCan） [英] Serialize permissions (e.g. CanCan) with active_model_serializers

问题描述

如何使用active_model_serializers序列化权限？我无法访问模型和序列化程序中的 current_user 或可以吗？方法。

How do I serialize permissions with active_model_serializers? I don't have access to current_user or the can? method in models and serializers.

推荐答案

首先，要在序列化程序上下文中访问 current_user ，请使用新的作用域功能：

First, to get access to the current_user in the serializer context, use the new scope feature:

class ApplicationController < ActionController::Base
  ...
  serialization_scope :current_user
end

如果您要手动实例化序列化程序，请确保通过范围：

In case you are instantiating serializers manually, be sure to pass the scope:

model.active_model_serializer.new(model, scope: serialization_scope)

然后在序列化程序中，添加自定义方法以添加自己的授权伪属性，使用作用域（当前用户）确定权限。

Then inside the serializer, add custom methods to add your own authorization pseudo-attributes, using scope (the current user) to determine permissions.

如果使用的是CanCan，则可以实例化Ability类以访问 can？方法：

If you are using CanCan, you can instantiate your Ability class to access the can? method:

attributes :can_update, :can_delete

def can_update
  # `scope` is current_user
  Ability.new(scope).can?(:update, object)
end

def can_delete
  Ability.new(scope).can?(:delete, object)
end

这篇关于使用active_model_serializers序列化权限（例如CanCan）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！