使用 Pundit 的各种角色的索引视图限制 [英] Index View Restrictions for Various Roles using Pundit
问题描述
我正在尝试为三个角色创建一个节目视图.管理员、超级用户和用户.管理员应该看到所有用户.超级用户应该只看到用户,而用户不应该看到任何人.当我在 else user.super_user?
的解析中使用注释掉的策略方法时,会给我 unsupported: TrueClass
错误.欢迎提出任何建议.
I'm trying to create a show view for three roles. Admin, super user, and user. An admin should see all of the users. A super user should see only users and a user should not see anyone. When I used the commented out policy method in the resolve for else user.super_user?
would give me unsupported: TrueClass
error. Any suggestions are welcomed.
用户控制器
def index
@users = policy_scope(User)
authorize User
end
用户政策
class UserPolicy
attr_reader :current_user, :model
def initialize(current_user, model)
@current_user = current_user
@user = model
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else user.super_user?
scope.where(user.role = 'user' )
# scope.where(user.role != 'admin') [this would not work in the views, but it would work in rails c]
end
end
end
def index?
@current_user.admin? or @current_user.super_user?
end
end
更新 用户控制器
class UsersController < ApplicationController
before_filter :authenticate_user!
after_action :verify_authorized
def index
@users = policy_scope(User)
end
end
<小时>
正确答案
我想出了我需要做什么.我错误地调用了这个角色.更新范围如下.
I figured out what I needed to do. I was calling the role incorrectly. Updated scope below.
class UserPolicy
attr_reader :current_user, :model
def initialize(current_user, model)
@current_user = current_user
@user = model
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else user.super_user?
scope.where(role: 'user' )
end
end
end
def index?
@current_user.admin? or @current_user.super_user?
end
控制器
class UsersController < ApplicationController
before_filter :authenticate_user!
after_action :verify_authorized
def index
@users = policy_scope(User)
authorize @users
end
推荐答案
你的解析方法应该使用 elsif
:
Your resolve method should use elsif
:
# Safer option
def resolve
if user.admin?
scope.all
elsif user.super_user?
scope.where(user.role = 'user' )
else
scope.none
end
end
或者根本不检查超级用户,只依赖在使用结果之前检查用户的授权:
or not check for the super user at all and just depend on checking the authorization of the user before the result is used:
# This option is the same as the code you added to your question
# but doesn't include the unnecessary check
def resolve
if user.admin?
scope.all
else
scope.where(user.role = 'user' )
end
end
更新以处理不是管理员或超级用户的情况
updated to deal with the case of not being an admin or super user
这篇关于使用 Pundit 的各种角色的索引视图限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!