如何将 CanCan 与 Rails 管理员一起使用来检查所有权 [英] How do I use CanCan with rails admin to check for ownership

问题描述

当我的应用中的用户不是管理员用户时，我只想让他们看到他们拥有的字段.

When a user in my app isn't an admin user i want to only let them see the fields that they have ownership of.

是否有一个如此设置 can :see 或类似的东西在每个字段的基础上，以便它只显示使用可以看到"的字段，或者我应该有一个名为 can :oversee 表示他们可以看到所有内容.

Is there a so set can :see or something like that on a per field basis so that it displays just the fields that that use "can see", or should I have an ability called can :oversee to state that they can see everything instead.

我想在 rails admin 中检查用户是否是 admin 会容易得多，所以在哪里设置 rails admin 只提取当前用户的记录.

I suppose it's much easier to just check if the user is admin or not in rails admin, so where set rails admin to only pull the current user's records.

推荐答案

使用 cancan，您可以像这样检查对象的权限:

With cancan, you can check permissions on objects like this:

if can?(:read, order)
  # do something!
end

if can?(:email, order)
  # do something!
end

但这仅指对象级别的可见性.

But that's only referring to visibility at the object level.

在 RailsAdmin 中，您可以通过传入块来设置字段可见性，如此处一>.

In RailsAdmin, you can set field visibility by passing in a blocks, described here.

例如:

RailsAdmin.config do |config|
  config.model Order do
    list do
      field :name
      field :profit do
        visible do
          current_user.roles.include?(:admin)
        end
      end
    end
  end
end

这篇关于如何将 CanCan 与 Rails 管理员一起使用来检查所有权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！