嵌套的多态关系CanCan

时间:2013-01-28 11:59:38

标签: ruby-on-rails ruby-on-rails-3.2 cancan polymorphic-associations

我在回复和帖子,通话和电话之间有多态关系。会议:

 class Response < ActiveRecord::Base
    belongs_to :responseable, polymorphic: true
    ...
 end

class Post < ActiveRecord::Base
   has_many :responses, as: :responseable, dependent: :destroy
   ...
end

class Call < ActiveRecord::Base
   has_many :responses, as: :responseable, dependent: :destroy
   ...
end

class Meeting < ActiveRecord::Base
   has_many :responses, as: :responseable, dependent: :destroy
   ...
end

我正在使用CanCan定义我的能力使用嵌套资源功能根据父母的能力自动观察响应:

class ResponsesController < ApplicationController

  before_filter :authorize_parent
  load_resource :post
  load_resource :call
  load_resource :meeting  
  load_and_authorize_resource :response, :through => [:post, :call, :meeting]

  ...

private

  def authorize_parent
    authorize! :read, (@post || @call || @meeting)
  end

end

所有的能力都在使用控制器中的标准动作。

但是,我的响应控制器中有一个操作,用于每15秒通过JS脚本轮询一次新响应:

def polling
   current_user_id = params[:current_user_id]
   responseable_type = params[:responseable_type]
   klass = [Post, Call, Meeting].detect { |c| responseable_type == c.name }
      @responseable = klass.find(params[:responseable_id])
   undivided_millisecond_epoch_time_in_integer = params[:after]
   undivided_millisecond_epoch_time_in_decimal = (undivided_millisecond_epoch_time_in_integer).to_d
   divided_millisecond_epoch_time_in_decimal = (undivided_millisecond_epoch_time_in_decimal / 1000000).to_d
   @responses = @responseable.responses.where("created_at > ? AND user_id <> ?", Time.at(divided_millisecond_epoch_time_in_decimal), current_user_id)
end

无论我尝试什么,我都无法让它发挥作用。即我刚收到回复“您无权访问此页面”。我认为我需要添加一些东西才能使这个自定义动作正常工作,但我对于哪里和哪些都有点迷失。

非常感谢任何帮助。

编辑:在我的能力档案中添加了详细信息: 

if user.role == "client"
  can :index, Post, :user_expert_private => false
  can :index, Post, :user_expert_private => true, :user_id => user.id
  can :show, Post, :user_expert_private => false, :countries => { :id => user.country_ids}
  can :show, Post, :user_expert_private => true, :user_id => user.id
  can :create, Post
  can :edit, Post, :user_id => user.id
  can :update, Post, :user_id => user.id
  can :read, Response
  can :create, Response
  can :polling, Response
  can :read, Call, :user_id => user.id
  can :create, Call, :user_id => user.id
  can :edit, Call, :user_id => user.id
  can :update, Call, :user_id => user.id
  can :read, Meeting, :user_id => user.id
  can :create, Meeting, :user_id => user.id
  can :edit, Meeting, :user_id => user.id
  can :update, Meeting, :user_id => user.id
  can :responses, :polling          
  can :posts, :autocomplete
end

1 个答案:

答案 0 :(得分:1)

根据this,在您的投票方法结束时,您应该可以在投票方法结束时将其放置:

authorize! :read, @responses

我认为原因是您只能在父对象的主持下授权使用Response对象。

根据能力进行编辑:

或许类似

can :polling, Response, :user_id => user.id

我正在另一个项目中做一些工作,this page is probably going to be of use。如果/证明是正确的,我会更新这个答案。

相关问题
最新问题