Rails CanCan(Can)复杂授权

时间:2015-04-15 20:43:01

标签: ruby-on-rails ruby-on-rails-4 cancan cancancan

我有以下型号:

class User
  has_many :videos
  has_many :videos_shared_by, class_name: "SharedVideo", foreign_key: "shared_by_id"
  has_many :videos_shared_to, class_name: "SharedVideo", foreign_key: "shared_to_id"

  has_many :followee_relationships, class_name: "Relationship", foreign_key: "follower_id"
  has_many :follower_relationships, class_name: "Relationship", foreign_key: "followee_id"

  has_many :following, through: :followee_relationships, source: :followee
  has_many :followers, through: :follower_relationships, source: :follower

  has_many :blocked_followee_relationships, -> { blocked }, class_name: "Relationship", foreign_key: "follower_id"
  has_many :blocked_follower_relationships, -> { blocked }, class_name: "Relationship", foreign_key: "followee_id"

  has_many :blocking, through: :blocked_followee_relationships, source: :followee
  has_many :blockers, through: :blocked_follower_relationships, source: :follower
end

class Video
  belongs_to :user

  has_many :shares, class_name: "SharedVideo"
  has_many :shared_to, through: :shares, source: :shared_to
  has_many :shared_by, through: :shares, source: :shared_by

  has_many :reviews

  has_many :blocking, through: :user
  has_many :blockers, through: :user

  def private?
   !public?
  end
end

class Review
  belongs_to :video
  belongs_to :linked_reivew, class_name: "Review"
end

class SharedVideo
  belongs_to :video
  belongs_to :shared_by, class_name: "User"
  belongs_to :shared_to, class_name: "User"
end

我认为除了Review模型中的linked_review关联外,一切都是相当自我解释的。任何两个评论都可以相互链接,基本上创建我称之为双重评论。

在我的CanCan能力课程中,我开始遵循以下规则:

class Ability
  include CanCan::Ability

  def initialize(user)

    user ||= User.new # guest user (not logged in)

    can :read, Video, public: true
    can :read, Video, shared_to: { id: user.id }

    # can :read, Video, if indirectly accessible through linked review (see comments below)

    cannot :read, Video, blocking: { id: user.id }
    cannot :read, Video, blockers: { id: user.id }

    can [:read, :update, :destroy], Video, user_id: user.id

  end
end

这些工作符合预期,但我似乎无法弄清楚如何通过链接审核间接授予用户可以访问的视频的读取权限。

换句话说,如果用户-a请求访问视频#2(私有,不共享并由用户-b拥有),则视频#2与视频#1相关联(用户-a可访问,因为它&#39 ;公开,与他共享或由他拥有)通过链接审查,然后我希望请求用户被授予读取权限。

关于我如何做到这一点的任何想法?块不起作用,因为CanCan忽略索引操作的块,即它调用Video.accessible_by(current_ability)时。我试图找出视频模型的某种范围,但似乎无法理解我将如何做到这一点。

0 个答案:

没有答案
相关问题
最新问题