Pundit :: PolicyScopingNotPerformedError [英] Pundit::PolicyScopingNotPerformedError
问题描述
我对使用此Pundit gem尚不陌生,但似乎在理解政策体系方面遇到困难。从我读过的所有内容来看,尽管我仍然遇到错误,但一切似乎都是正确的
I am fairly new to using this Pundit gem but seem to be having trouble understanding the policy system. From everything I have read it all appears to be correct though I am still getting an error
应用程序控制器
class ApplicationController < ActionController::Base
include Pundit
protect_from_forgery
before_filter :authenticate_person!
# Verify that controller actions are authorized. Optional, but good.
after_filter :verify_authorized, except: :index
after_filter :verify_policy_scoped, only: :index
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
private
def pundit_user
Person.find_by_id(current_person)
end
def user_not_authorized
flash[:alert] = "You are not authorized to perform this action."
# redirect_to(request.referrer || root_path)
end
end
应用程序策略
class ApplicationPolicy
attr_reader :user, :record
def initialize(user, record)
raise Pundit::NotAuthorizedError, "must be logged in" unless user
@user = user
@record = record
end
def index?
false
end
def show?
scope.where(:id => record.id).exists?
end
def create?
false
end
def new?
create?
end
def update?
false
end
def edit?
update?
end
def destroy?
false
end
def scope
Pundit.policy_scope!(user, record.class)
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
scope
end
end
end
错误消息
Pundit::AuthorizationNotPerformedError in Devise::SessionsController#new
推荐答案
您可能需要检查本节摘自Pundit自述文件。
You probably need to check this section from Pundit's readme.
基本上,在 after_action
中使用 verify_authorized
时,它将检查 authorized $ c
It basically says, that when using verify_authorized
is used in after_action
, it will check if authorized
was actually called.
Pundit添加了一种称为
verify_authorized $ c $的方法。 c>到您的控制器。如果尚未调用
authorize
,则此方法将引发异常。您应该在after_action
中运行此方法,以确保您没有忘记授权
动作。
Pundit adds a method called
verify_authorized
to your controllers. This method will raise an exception ifauthorize
has not yet been called. You should run this method in anafter_action
to ensure that you haven't forgotten toauthorize
the action.
verify_policy_scoped
也是这样,但 policy_scope
:
同样,Pundit还会在您的计算机上添加
verify_policy_scoped
控制器。这将引发verify_authorized
异常。但是,它跟踪是否使用policy_scope
而不是授权
。这对于像index
这样的控制器操作非常有用,这些操作会找到具有范围的集合,并且不对单个实例进行授权。
Likewise, Pundit also adds
verify_policy_scoped
to your controller. This will raise an exception in the vein ofverify_authorized
. However, it tracks ifpolicy_scope
is used instead ofauthorize
. This is mostly useful for controller actions likeindex
which find collections with a scope and don't authorize individual instances.
在您的情况下,异常是由于您没有在 Devise :: SessionsController#new
操作中调用授权而引起的。
In your case exception is caused by the fact that you didn't called authorize in Devise::SessionsController#new
action.
我认为,最好的处理方法是从 ApplicationController <中删除
并将其移至子类。 after_action
支票
I think, the best way to deal with it, is to remove after_action
checks from ApplicationController
and move them to a subclass.
这篇关于Pundit :: PolicyScopingNotPerformedError的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!