질문
묘사
안녕하세요. 저는 rails 응용 프로그램이 하나 있는데 다음과 같은 모델을 포함합니다. 사용자, 블로그, 게시물, 블로그 회원입니다. class BlogMembership < ActiveRecord::Base
belongs_to :user
belongs_to :blog
# Membership types:
SUBSCRIBER = 0
AUTHOR = 1
MODERATOR = 2
end
class Blog < ActiveRecord::Base
has_many :posts
has_many :memberships, :class_name => "BlogMembership"
# Blog memberships
def subscribers
self.memberships.where(:membership_type => [BlogMembership::SUBSCRIBER, BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
end
def authors
self.memberships.where(:membership_type => [BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
end
def moderators
self.memberships.where(:membership_type => BlogMembership::MODERATOR).collect(&:user)
end
끝맺다능력 과정에서(cancan을 사용하여 방문 제한을 하기 때문에) 사용자와 게시자가 블로그에 대한 방문을 제한하려 하였으나 다음과 같은 규칙을 따른다.
if user.is? :moderator
can :manage, Post do |post|
post.blog.moderators.include? user
end
end
모든 사용자는 블로그에 게시물을 보낼 수 있습니다.관계 방안을 따르기 위해 능력류에서 규칙을 어떻게 정확하게 설정하는지 말씀해 주시겠어요?
토론 #1
네가 잘한 것 같아.이것은 당신의 능력 파일 중 유일한can :manage, Post
입니까?모든 사용자가 댓글을 관리할 수 있도록 하는 또 다른 방법이 있을지도 모른다.토론 #2
아무것도 허락하지 않습니다. (제 노선을 보세요-http://pastie.org/1337785, 아마도 두 개의'자원: 댓글'이 나의 문제를 야기했을 것이다.토론 #셋
블로그에 플러그인 없이 댓글을 관리하고 싶다면:shallow => true
옵션을 선택할 수 있다.load_and_authorize_resource :post, :through => :blog, :shallow => true
However I don't think that's your problem here. The best thing to do is try it in the console or in tests.
user = User.first # fetch some user post = Post.first # some post ability = Ability.new(user) ability.can? :edit, post
See what the can?
call returns and make sure it has the behavior you expect. If it doesn't, tell me what it is returning and what you are expecting.
토론 #4
Thanks for idea with shallow_routes, but the problem still exists. Main idea is to manage permissions for posts depending on user's membership in blog. If user is moderator and has BlogMembership s moderator it means that user must have all abilities for post creation/management in this blog, but if it is a regular user - only view permissions.
unfortunately rules like
if user.is? :moderator
can :manage, [Blog, Post] do |blog, post|
Blog.find(blog).moderators.include? user
end
end
일하지 않음: 토론 #5
내가 보여준 것처럼 Rails 컨트롤러에서 사용해 보셨어요?나는 그것이 더 이상 디버깅을 하기 위해서 작동하지 않는 구체적인 상황을 보아야 한다고 생각한다.전체 콘솔 세션이 작동하지 않도록 여기에 붙여 넣으십시오.토론 #6
네, 여기 간식이 좀 있습니다.http://pastie.org/1359654<--데이터베이스의 일부 데이터
http://pastie.org/1359666<--게시물 및 블로그
사례 1 -http://pastie.org/1359730
사례 2 -http://pastie.org/1359758
토론 #7
스티커를 발표해 주셔서 감사합니다.이런 규칙은 통하지 않는다.
무슨 생각 있어요?
토론 #9
권한을 정하는토론 #10
호출은 무엇입니까?너 지금 이렇게 하는 거야?if user.is? :moderator can :manage, [Blog, Post] do |blog, post| Blog.find(blog).moderators.include? user end end
Because if you pass an array to can
it will match either a post or blog and pass that single object into the block. There is no second argument on that block.
What you originally had should be correct. You can add the blogs to that as well but it must be done separately.
if user.is? :moderator can :manage, Post do |post| post.blog.moderators.include? user end can :manage, Blog do |blog| blog.moderators.include? user end end
Let me know if that doesn't work.
토론 #8
Doesn't work :( With your configuration moderator have access to they blog, but not to others (to anything). It's so strange because i have following lines on the bottom of config
can [:index, :list, :show, :feed], Blog
can [:index, :show, :tag, :feed], Post
그러나 판주가 아니더라도: 분류를 만들 수 있습니다.그리고 한번 해봤어요.
can? :manage, @post
Normally :manage
is not used in a can?
call because you should be checking on a specific controller action.
can? :show, @post
Try that and see if it gets the behavior you want.
토론 #11
for the last configuration i have attempted to access posts#index page (without any "can?") for the blog without moderator permissions and saw "Access denied" page. But on attempt to access blog with moderator permissions - everything work good.
as i have written - it's so strange because i have can [:index, :list, :show, :feed], Blog can [:index, :show, :tag, :feed], Post at bottom :(
토론 #12
Does it work when you do this in the console?
user = User.first # some user ability = Ability.new(user) ability.can? :index, Post
That should return true if you have those rules at the bottom. If not then this is a bug in CanCan.
토론 #13
it returns true, but (i have checked once again) - on attempt to visit blog without moderators rights - still access denied
토론 #14
Which action of which controller specifically are you visiting? Sorry if you've said before, but I'm just trying to figure out why it's behaving differently in the console.
토론 #15
ok :) in both cases i'm visiting the same action - index of posts_controller.
토론 #16
Try adding the :read
action to the list of Blog actions. You won't need the index/show actions with :read
since they are aliased.
can [:list, :read, :feed], Blog
The reason you need this is that posts are nested under Blog and CanCan checks there there is :read
access to the parent blog. I should probably change this to :show
action now that I think about it.
토론 #17
Hi, much better, but there are some problems still exists. For now - any user can see list of posts in any blog (correct), on attempt to create new post for moderated by this user blog post created (correct) and in not moderated - acess denied exception (correct). But for both blogs - "if can? :create, Post" returns true and show content inside if-block (wrong) :(
토론 #18
Of course - i can add validation "is User in moderators list", but could you check - maybe there are any possible way to use only "if can? :create, Post"? Maybe we can use something like "if can? :create, Post, @blog"?
토론 #19
You can represent nesting with can? :create, @blog => Post
, does that work for you?
토론 #20
the same result :( protected link to create new post still shown but on click - access denied
토론 #21
Closing this because it is an old issue. I'm sorry your problem was never resolved, I'm not sure what the issue could have been.
토론 #22
ok. i have solved this issue with migration to declarative_authorization :)
토론 #23
Hi, i've got the same issue.
I have a user, that has many clubs, and the user is a member of each club, through member model.
When a user is moderator of club, he could manage everything.
In abilities.rb:
# Category abilities with issue
can :manage, Category do |category|
user.moderator_of? category.club
end
하지만 지금은 판주도 분류를 만들 수 없다.이것은 내 페이지 기능에서 발생한 적이 있다. 예를 들어 다음과 같다.
# Category abilities still with issue
can :manage, Category do |category|
user.moderator_of? category.club
end
cannot :create, Category do |category|
!user.moderator_of? category.club
end
그러나 이 방법은 페이지의 문제를 복원할 수 없다. 같은 종류의 문제. 불행하게도 나는 같은 방법으로 분류를 복원할 수 없다.can?
헤이, 내 문제를 해결했어.제455기 서술한 바와 같다
Reference
이 문제에 관하여(질문), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://github.com/ryanb/cancan/issues/201텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념 (Collection and Share based on the CC Protocol.)