rails_admin + cancan2: unauthorized access to the dashboard

Time: 2014-01-05 18:29:02

Tags: ruby-on-rails cancan rails-admin

Using rails_admin + cancan2 I have a problem with my abilities. Following the official documentation https://github.com/sferik/rails_admin/wiki/CanCan I configured my ability.rb file like this:

class Ability
  include CanCan::Ability

  def initialize(user)
    can :read, :all

    if user
      if user.has_role? :admin
        can :access, :all
      end
      if user.has_role? :manager
        can :access, :rails_admin   # grant access to rails_admin
        can :dashboard              # grant access to the dashboard
      end
    end
  end
end

The problem is that with cancan version 1.6 it works fine, but with cancan 2 the "manager" is unauthorized to access the dashboard, even though he does have access to rails_admin. So:

can :access, :rails_admin   # works
can :dashboard              # doesn't work

If I go to localhost:3000/admin the error is the classic

CanCan::Unauthorized in RailsAdmin::MainController#dashboard

But if I go to localhost:3000/admin/models it works, so

can :dashboard              # doesn't work

does not work.

Can you help me?

2 answers:

Answer 0 (score: 4)

can :dashboard, :all

should work.

Once the dashboard is displayed, you need another patch to use CanCan 2.0:

# patch for CanCan 2.0: hand the ability a plural symbol (Post -> :posts)
# instead of the model class when authorizing a model-level action
module RailsAdmin
  module Extensions
    module CanCan
      class AuthorizationAdapter
        # Raises CanCan::Unauthorized when the current ability denies the action
        def authorize(action, abstract_model = nil, model_object = nil)
          @controller.current_ability.authorize!(action, model_object || abstract_model && model_name(abstract_model.model)) if action
        end

        # Non-raising variant used by rails_admin to decide what to render
        def authorized?(action, abstract_model = nil, model_object = nil)
          @controller.current_ability.can?(action, model_object || abstract_model && model_name(abstract_model.model)) if action
        end

        private

        # Model class -> plural snake_case symbol (e.g. BlogPost -> :blog_posts)
        def model_name(model)
          model.to_s.underscore.pluralize.to_sym
        end
      end
    end
  end
end
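The behaviour this answer describes (a subject-less `can :dashboard` granting nothing under CanCan 2, while `can :dashboard, :all` grants the dashboard) can be illustrated with a small deny-by-default rule matcher. The following is an added example, not code from the question, from either answer, or from the CanCan or rails_admin projects; `MiniAbility`, `User`, `dashboard_allowed?` and `rails_admin_allowed?` are constructed names, the matcher is a simplified stand-in rather than CanCan's real implementation, and treating `:access` as an alias for every action is an assumption based on how the question's ability file uses it.

```ruby
# Added example (constructed stand-in, not the CanCan gem): rules are
# (action, subject) pairs and a check passes only when both parts match.
User = Struct.new(:roles)

class MiniAbility
  class Unauthorized < StandardError; end
  Rule = Struct.new(:action, :subject)

  # Assumption mirroring the ability file in the question: a rule whose
  # action is :access applies to every action on its subject.
  ALL_ACTIONS = :access

  # with_subject: true  -> the manager rule is `can :dashboard, :all`
  #               false -> the manager rule is `can :dashboard` (no subject)
  def initialize(user, with_subject: true)
    @rules = []
    can :read, :all
    return unless user
    can ALL_ACTIONS, :all if user.roles.include?(:admin)
    if user.roles.include?(:manager)
      can :access, :rails_admin
      with_subject ? can(:dashboard, :all) : can(:dashboard)
    end
  end

  # Subject defaults to nil, which is what a subject-less `can :dashboard` stores.
  def can(action, subject = nil)
    @rules << Rule.new(action, subject)
  end

  # Deny by default: a rule matches only if its action AND its subject match.
  # A rule stored with subject nil is neither :all nor a real subject, so it
  # can never grant anything.
  def can?(action, subject)
    @rules.any? do |r|
      action_ok  = r.action == ALL_ACTIONS || r.action == action
      subject_ok = r.subject == :all || (!r.subject.nil? && r.subject == subject)
      action_ok && subject_ok
    end
  end

  def authorize!(action, subject)
    raise Unauthorized, "#{action} on #{subject.inspect}" unless can?(action, subject)
    true
  end
end

# The dashboard check has no model behind it (subject nil), so in this model
# only a rule whose subject is :all can satisfy it.
def dashboard_allowed?(user, with_subject:)
  MiniAbility.new(user, with_subject: with_subject).can?(:dashboard, nil)
end

def rails_admin_allowed?(user)
  MiniAbility.new(user).can?(:access, :rails_admin)
end

if __FILE__ == $PROGRAM_NAME
  manager = User.new([:manager])
  puts "manager, can :dashboard        -> #{dashboard_allowed?(manager, with_subject: false)}"
  puts "manager, can :dashboard, :all  -> #{dashboard_allowed?(manager, with_subject: true)}"
  puts "manager, rails_admin access    -> #{rails_admin_allowed?(manager)}"
end
```

The point of the stand-in is the failure mode: a rule that is missing its subject is not "broadly permissive", it is silently useless, and the only visible symptom is the `CanCan::Unauthorized` raised for the dashboard while model pages (which carry a real subject) keep working. Admins are unaffected because `can :access, :all` matches any action on any subject, which is why the bug only shows up for the manager role.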

Answer 1 (score: 0)

I have never seen anything like

can :dashboard

The normal structure of a can directive is "can :action, :object" (or a class).

So, from my understanding of your question, I think you should change it to

can :manage, :dashboard

if you want to assign "all rights".