Question

鉴于以下能力;

class Ability
  include CanCan::Ability
   def initialize(user)
    user ||= User.new # guest
    if user.has_role? :project_lead
      can :read, Project, :id => Project.with_role(:project_lead, user).pluck(:id)
    end
  end
end

为什么我得 false 让这个用户能够：阅读项目？

>>u=User.find_by_login("test")
>>p=Project.find(1)
>>u.add_role :project_lead, p
>>u.roles
[#<Role id: 10035, name: "project_lead", resource_id: 1, resource_type: "Project", created_at: "2013-11-28 09:18:58", updated_at: "2013-11-28 09:18:58">]

>>a=Ability.new(u)
>>a.can? :read, p
false

我注意到在初始化Ability时，WHERE子句以：

结束

AND (((roles.name = 'project_lead') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL)))

不应该读 'AND（（roles.name ='project_lead'）AND（roles.resource_type = 'Project'）AND（roles.resource_id = 1 ）））' ？

Answer 1

通过正确配置用户和角色之间的关系来解决这个问题。我只花了4个月。

CanCan / Rolify提供不正确的能力结果

1 个答案: