我正在使用Devise进行身份验证,并且可以使用cancancan进行授权。对于某些控制器,某些控制器可以正常工作但是会抛出未定义的方法错误。
assessments_controller.rb
def index
@projects = Project.find_by_sql("SELECT project_id, project_name FROM projects WHERE company_id = "+ current_dashboard_user.company_id.to_s +
" ORDER BY project_name")
getProjectId
getResult #get search result
respond_to do |format|
format.html
format.js
end
end
def getResult
#Search Result page
if (@project_id != nil && @project_id != "") then
@assessments = Assessment.find_by_sql("SELECT assess.assessment_id, assess.company_id, assess.project_id, assess.release_cycle_no,
assess.assessment_description, DATE_FORMAT(assess.start_date,'%d/%m/%Y') start_date_display,
DATE_FORMAT(assess.end_date,'%d/%m/%Y') end_date_display, assess.project_phase_id, pp.project_phase_name,
CASE WHEN assess.closed_status = 'Y' THEN 'Closed' ELSE 'Open' END AS closed_status
FROM assessments assess, project_phases pp
WHERE assess.company_id = " + current_dashboard_user.company_id.to_s +
" AND assess.project_id = " + @project_id.to_s +
" AND assess.project_phase_id = pp.project_phase_id ORDER BY assess.assessment_id DESC")
@assessments = @assessments.paginate(:per_page => 5, :page => params[:page])
end
end
https://gist.github.com/anonymous/9ccee7be3e7fa2df2bca
我的观点。 https://gist.github.com/anonymous/272e6cc05e01d526ef0a
我得到的错误是 http://imgur.com/1qyHen1
答案 0 :(得分:1)
因此,您必须手动为索引操作定义授权。
load_and_authorize_resource
skip_load_and_authorize_resource :only => [:getProjectId, :getResult, :index]
def index
@projects = Project.find_by_sql("SELECT project_id, project_name FROM projects WHERE company_id = "+ current_dashboard_user.company_id.to_s +
" ORDER BY project_name")
authorize! :read, @projects
getProjectId
getResult #get search result
authorize! :read, @assessments
respond_to do |format|
format.html
format.js
end
end