我在Ruby on rails 3.1上使用declarative_authorization。
一个组有多个专辑(groupalbum),一个组由一个用户创建(user_id在外键中用于组表)。 只有该组的所有者才能创建相册。
这是我的authorization_rules.rb:
has_permission_on [:group_albums], :to => [:create] do
if_attribute :group => { :user => is_in { user.groups } }
end
这是我的GroupAlbumsControler:
class GroupAlbumsController < ApplicationController
before_filter :set_group_album_from_params, :only => :show
before_filter :set_group_album_new, :only => [:index, :new]
filter_access_to :all, :attribute_check => true
(...)
end
但它不起作用:
You are not allowed to access this action.
即使我已与该组的所有者登录。
我的错误在哪里?
答案 0 :(得分:0)
为什么这不起作用可能有很多原因。
您是否添加了:index和:您的权限是新的?
privileges do
privilege :manage, :includes => [:create, :read, :update, :delete]
privilege :read, :includes => [:index, :show]
privilege :create, :includes => :new
privilege :update, :includes => :edit
privilege :delete, :includes => :destroy
end
您是否拥有对当前用户的group_albums的读取权限?
has_permission_on [:group_albums], :to => [:create, :read] do
if_attribute :group => { :user => is_in { user.groups } }
end
你打电话给哪个动作?