Question


Description

Hello. I have a Rails application that includes the following models: User, Blog, Post, and BlogMembership.
 class BlogMembership < ActiveRecord::Base
   belongs_to :user
   belongs_to :blog

   # Membership types:
   SUBSCRIBER = 0
   AUTHOR = 1
   MODERATOR = 2
 end

 class Blog < ActiveRecord::Base
   has_many :posts
   has_many :memberships, :class_name => "BlogMembership"

   # Blog memberships
   def subscribers
     self.memberships.where(:membership_type => [BlogMembership::SUBSCRIBER, BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
   end

   def authors
     self.memberships.where(:membership_type => [BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
   end

   def moderators
     self.memberships.where(:membership_type =>  BlogMembership::MODERATOR).collect(&:user)
   end
 end
In the Ability class (I use cancan to restrict access) I tried to restrict access to blogs for users and posters, but the following rules
 if user.is? :moderator
   can :manage, Post do |post|
     post.blog.moderators.include? user
   end
 end
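allow any user to post to a blog.
Could you tell me how to set up the rules in the Ability class correctly so that they follow the relationship scheme?

Discussion #1

It looks like you did it right. Is this the only can :manage, Post in your ability file? There may be something else that lets all users manage posts.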

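Discussion #2

It does not allow anything. (See my routes - http://pastie.org/1337785 - perhaps the two "resources :posts" caused my problem.)

Discussion #3

If you also want to manage posts without nesting them under a blog, you can use the :shallow => true option.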
load_and_authorize_resource :post, :through => :blog, :shallow => true

However I don't think that's your problem here. The best thing to do is try it in the console or in tests.

user = User.first # fetch some user
post = Post.first # some post
ability = Ability.new(user)
ability.can? :edit, post

See what the can? call returns and make sure it has the behavior you expect. If it doesn't, tell me what it is returning and what you are expecting.

Discussion #4

Thanks for the idea with shallow_routes, but the problem still exists. The main idea is to manage permissions for posts depending on the user's membership in the blog. If a user is a moderator and has a BlogMembership as moderator, it means that the user must have all abilities for post creation/management in this blog, but if it is a regular user - only view permissions.

unfortunately rules like

     if user.is? :moderator
       can :manage, [Blog, Post] do |blog, post|
         Blog.find(blog).moderators.include? user
       end
     end
don't work.

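Discussion #5

Have you tried it in the Rails console as I showed? I think I need to see the specific situation where it does not work in order to debug this further. Please paste the full console session where it does not work here.

Discussion #6

Yes, here are some pasties.
http://pastie.org/1359654 <-- some data from the database
http://pastie.org/1359666 <-- posts and blogs
Case 1 - http://pastie.org/1359730
Case 2 - http://pastie.org/1359758

Discussion #7

Thanks for posting the pasties.
Rules like this do not work.
Any ideas?

Discussion #9

that sets the permissions

Discussion #10

What is the call? Are you doing this now?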
     if user.is? :moderator
       can :manage, [Blog, Post] do |blog, post|
         Blog.find(blog).moderators.include? user
       end
     end

Because if you pass an array to can it will match either a post or blog and pass that single object into the block. There is no second argument on that block.

What you originally had should be correct. You can add the blogs to that as well but it must be done separately.

 if user.is? :moderator
   can :manage, Post do |post|
     post.blog.moderators.include? user
   end
   can :manage, Blog do |blog|
     blog.moderators.include? user
   end
 end

Let me know if that doesn't work.

Discussion #8

Doesn't work :( With your configuration a moderator has access to their blog, but not to others (to anything). It's so strange because I have the following lines at the bottom of the config

     can [:index, :list, :show, :feed], Blog
     can [:index, :show, :tag, :feed], Post
But even someone who is not a moderator can create a category.
And I tried this once:
can? :manage, @post

Normally :manage is not used in a can? call because you should be checking on a specific controller action.

can? :show, @post

Try that and see if it gets the behavior you want.

Discussion #11

For the last configuration I attempted to access the posts#index page (without any "can?") for the blog without moderator permissions and saw the "Access denied" page. But on an attempt to access the blog with moderator permissions - everything works well.

As I have written - it's so strange because I have can [:index, :list, :show, :feed], Blog can [:index, :show, :tag, :feed], Post at the bottom :(

Discussion #12

Does it work when you do this in the console?

user = User.first # some user
ability = Ability.new(user)
ability.can? :index, Post

That should return true if you have those rules at the bottom. If not then this is a bug in CanCan.

Discussion #13

It returns true, but (I have checked once again) - on an attempt to visit a blog without moderator rights - still access denied

Discussion #14

Which action of which controller specifically are you visiting? Sorry if you've said before, but I'm just trying to figure out why it's behaving differently in the console.

Discussion #15

OK :) In both cases I'm visiting the same action - index of posts_controller.

Discussion #16

Try adding the :read action to the list of Blog actions. You won't need the index/show actions with :read since they are aliased.

can [:list, :read, :feed], Blog

The reason you need this is that posts are nested under Blog and CanCan checks that there is :read access to the parent blog. I should probably change this to the :show action now that I think about it.

Discussion #17

Hi, much better, but some problems still exist. For now - any user can see the list of posts in any blog (correct), on an attempt to create a new post for a blog moderated by this user the post is created (correct) and in a non-moderated one - access denied exception (correct). But for both blogs - "if can? :create, Post" returns true and shows the content inside the if-block (wrong) :(

Discussion #18

Of course - I can add the validation "is User in moderators list", but could you check - maybe there is a possible way to use only "if can? :create, Post"? Maybe we can use something like "if can? :create, Post, @blog"?

Discussion #19

You can represent nesting with can? :create, @blog => Post, does that work for you?

Discussion #20

The same result :( The protected link to create a new post is still shown, but on click - access denied
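
The behaviour reported in discussions #17 to #20, as an added example that is not part of the original thread and not CanCan's own code: CanCan documents that a rule's block is evaluated only when an instance is passed, so a check against the bare class answers true whenever any matching rule exists. `MiniAbility` is a hypothetical, simplified stand-in for the gem's rule matching, and the user and blogs are constructed sample data.

```ruby
# Hypothetical, simplified stand-in for CanCan's rule matching (not the gem's code).
User = Struct.new(:name)
Blog = Struct.new(:title, :moderators)
Post = Struct.new(:blog)

class MiniAbility
  Rule = Struct.new(:action, :subjects, :block)

  def initialize
    @rules = []
  end

  # subjects is one class or an array of classes; the block gets ONE object.
  def can(action, subjects, &block)
    @rules << Rule.new(action, [subjects].flatten, block)
  end

  def can?(action, subject)
    @rules.any? do |rule|
      next false unless [:manage, action].include?(rule.action)
      if subject.is_a?(Class)
        # Class-level check: the block is skipped, so this only means "maybe".
        rule.subjects.include?(subject)
      else
        rule.subjects.include?(subject.class) &&
          (rule.block.nil? || rule.block.call(subject))
      end
    end
  end
end

# The rules from discussion #10 plus the read-only rules, simplified.
def ability_for(user)
  ability = MiniAbility.new
  ability.can(:manage, Post) { |post| post.blog.moderators.include?(user) }
  ability.can(:manage, Blog) { |blog| blog.moderators.include?(user) }
  ability.can(:read, [Blog, Post])
  ability
end

# Constructed sample data: alice moderates one blog but not the other.
alice   = User.new("alice")
own     = Blog.new("own blog", [alice])
other   = Blog.new("other blog", [])
ability = ability_for(alice)

puts ability.can?(:create, Post)             # class: block never runs
puts ability.can?(:create, Post.new(other))  # instance: block decides
puts ability.can?(:create, Post.new(own))
```

For a view-level check to agree with the controller, the subject has to be an unsaved Post whose blog is the current blog rather than the Post class; the controller check stays in place either way.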

Discussion #21

Closing this because it is an old issue. I'm sorry your problem was never resolved, I'm not sure what the issue could have been.

Discussion #22

OK. I have solved this issue by migrating to declarative_authorization :)

Discussion #23

Hi, I've got the same issue.

I have a user, that has many clubs, and the user is a member of each club, through member model.

When a user is moderator of club, he could manage everything.

In abilities.rb:

# Category abilities with issue
can :manage, Category do |category|
  user.moderator_of? category.club
end
But now even a moderator cannot create a category.
This has also happened with my Page abilities. For example:
# Category abilities still with issue
can :manage, Category do |category|
  user.moderator_of? category.club
end
cannot :create, Category do |category|
  !user.moderator_of? category.club
end
However, this approach does not fix the problem for pages. Same kind of problem. Unfortunately, I cannot fix categories the same way.
can?
Hey, I solved my problem. It is as described in #455.
