Rails in Action - Privatizing assets

Time: 2013-09-04 04:53:36

Tags: ruby-on-rails ruby-on-rails-3 paperclip

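The admin signed in and created a ticket related to a project, then uploaded the attachment correctly without any error. Then, when I try to download it, it goes to the error condition, and when I replace cannot? with can? I am able to download the asset. So what is needed for the admin to be able to download it without changing the current controller show action?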

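Note: if the user does not have permission to view the asset, the error condition should occur, but I don't know how this happens for the admin and I can't find it in the book. Has anyone experienced this?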

class FilesController < ApplicationController
    before_filter :authenticate_user!

    def show
        asset = Asset.find(params[:id])
        if can?(:view, asset.ticket.project)
            send_file asset.asset.path, :filename => asset.asset_file_name,
                                        :content_type => asset.asset_content_type
        else
            flash[:alert] = "The asset you were looking for could not be found."
            redirect_to root_path
        end
    end
end

Ability.rb

class Ability
    include CanCan::Ability

    def initialize(user)
        user.permissions.each do |permission|
            can permission.action.to_sym, permission.thing_type.constantize do |thing|
                thing.nil? || permission.thing_id.nil? || permission.thing_id == thing.id
            end
        end
    end
end

0 answers:

No answers