在Rails应用程序中为两个单独的Devise模型设置授权。只有在medical_student中签名的当前应该能够编辑或删除他们的个人资料。其他medical_students应该能够查看其他medical_students,普通用户也应该能够查看他们的个人资料。
这是我的代码:
政策
class MedicalStudentProfilePolicy
attr_reader :medical_student, :medical_student_profile
def initialize(medical_student, medical_student_profile)
@medical_student = medical_student
@medical_student_profile = medical_student_profile
end
def edit?
@medical_student_profile.medical_student_id == medical_student
end
def destroy?
@medical_student_profile.medical_student_id == medical_student
end
end
Pundit用户
def pundit_user
if medical_student_signed_in?
@medical_student = current_medical_student
elsif user_signed_in?
@medical_student = MedicalStudent.find params[:medical_student_id]
end
end
修改
def edit
authenticate_medical_student!
authorize @medical_student_profile, :edit?
end
查看
- if policy(@medical_student_profile).edit?
以用户身份登录时可以使用,但是当前的医学生无法编辑他们的个人资料。有什么想法吗?