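I'm asking for any help with nested attributes and CanCan abilities in Rails 4. I have 3 models: Post, User, Asset. Post has_many assets and User has_many posts. I need 'guest' users to be able to create posts, and to edit and delete their own posts and profile. An admin can perform all actions, and an editor can perform some actions.
Could someone please help me understand the implementation, because I don't. Sometimes, when I try to create a post with assets, it returns a ForbiddenAttributes error. When creating without assets there is nothing. I would like to understand when :authenticate_user! and :check_permissions should be used!
Here is some code:
posts_controller.rb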
    class PostsController < ApplicationController
      # here I don't know.
      #load_and_authorize_resource #:through => :current_user
      #before_filter :authenticate_user!, :only => [:new, :create,:edit,:update, :destroy]
      before_filter :check_permissions, :only => [:edit, :update, :destroy]

      def index
        @posts = Post.all
      end

      def new
        @post = current_user.posts.new
        @post.assets.build
      end

      def create
        @post = current_user.posts.create(post_params)
        if @post.errors.empty?
          redirect_to posts_path
        else
          render "new"
        end
      end

      def show
        @post = Post.find(params[:id])
      end

      def edit
        @post = Post.find(params[:id])
        @post.assets.build
      end

      def update
        @post = Post.find(params[:id])
        if @post.update_attributes(post_params)
          redirect_to post_path(@post)
        else
          render "edit"
        end
      end

      def destroy
        @post = Post.find(params[:id])
        @post.destroy
        redirect_to posts_path
      end

      private

      def post_params
        params.require(:post).permit(:title,:content, assets_attributes: [:id, :image, :_destroy])
      end

      def check_permissions
        authorize! :create||:update||:destroy, Post
      end
    end
Part of routes.rb

    resources :users
    resources :posts
    root 'welcome#index'
ability.rb
    class Ability
      include CanCan::Ability
      # don't know here!!!!!
      def initialize(user)
        # Define abilities for the passed in user here. For example:
        user ||= User.new # guest user (not logged in)
        if user.role? :admin
          can :manage, :all
        #elsif user.role? :editor
        #  can :edit, :all
        elsif user.role? :guest
          can [:read, :create], Post
          can [:update, :destroy], Post, :user_id => user.id
          can :manage, User do |a|
            a == user
          end
        else
          can :read, :all
        end
      end
    end
Please help me understand! What does load_and_authorize_resource mean?
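Added example, not part of the original question and not CanCan's own code: a minimal pure-Ruby stand-in for CanCan's rule matching, showing that `:create || :update || :destroy` evaluates to `:create`, so the `check_permissions` filter in the question only asks whether the user may create a Post and never compares `user_id`. `MiniAbility`, `check_as_written` and `check_per_record` are hypothetical names, and the stand-in assumes CanCan's documented behaviour that a check against a class ignores hash conditions.

```ruby
# Simplified stand-in for CanCan rule matching (assumption: models only the
# two behaviours discussed here, not the gem's real implementation).
Post = Struct.new(:id, :user_id)
User = Struct.new(:id, :role)

class MiniAbility
  ALIASES = { edit: :update, new: :create, index: :read, show: :read }.freeze

  def initialize(user)
    @rules = []
    # Same guest rules as the ability.rb in the question.
    can [:read, :create], Post
    can [:update, :destroy], Post, user_id: user.id
  end

  def can(actions, klass, conditions = {})
    Array(actions).each { |a| @rules << [a, klass, conditions] }
  end

  # Class subject: conditions cannot be evaluated, so any rule for the action matches.
  # Instance subject: every condition must equal the record's attribute.
  def can?(action, subject)
    action = ALIASES.fetch(action, action)
    @rules.any? do |rule_action, klass, conditions|
      next false unless rule_action == action
      if subject.is_a?(Class)
        subject == klass
      else
        subject.is_a?(klass) && conditions.all? { |k, v| subject.public_send(k) == v }
      end
    end
  end
end

# What the question's check_permissions effectively asks: `||` returns its
# first truthy operand, so this is can?(:create, Post) for every action.
def check_as_written(ability)
  ability.can?(:create || :update || :destroy, Post)
end

# Per-action check against the loaded record, so ownership is evaluated.
def check_per_record(ability, action, post)
  ability.can?(action, post)
end

GUEST      = User.new(1, :guest) # constructed sample data
OWN_POST   = Post.new(10, 1)     # belongs to GUEST
OTHER_POST = Post.new(11, 2)     # belongs to someone else
```

In a real controller the per-record form corresponds to calling `authorize!` with the current action and the loaded `@post`; `load_and_authorize_resource` loads the record and performs that check for each action.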