我正试图在Rails 4中创建一个应用程序。
我正在使用Pundit(或尝试)。
我有应用程序策略和文章策略。
有些东西不起作用。如果我为show设置我的文章政策?如果是假的,我希望不能看到文章的展示页面。相反,我可以看到节目页面 - 我无法弄清楚是什么错误。
我的申请政策是:
class ApplicationPolicy
attr_reader :user, :record
def initialize(user, record)
@user = user
@record = record
end
def index?
false
end
def show?
scope.where(:id => record.id).exists?
end
def create?
false
end
def new?
create?
end
def update?
false
end
def edit?
update?
end
def destroy?
false
end
def scope
Pundit.policy_scope!(user, record.class)
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
scope
end
end
end
我的文章政策是:
class ArticlePolicy < ApplicationPolicy
def index?
true
end
def show?
false
# user.present?
end
def create?
user.present?
user && user.profile.addresses.exists?(address.id)
end
def update?
user && user.article.exists?(article.id) && user.article.created_at < 15.minutes.ago
# user.present? #&& user == article.user
end
def destroy?
# user.admin?
# user.present?
user && user.article.exists?(article.id)
end
private
def article
record
end
end
任何人都可以看到我做错了吗?
文章控制者:
class ArticlesController < ApplicationController
before_action :set_article, only: [:show, :edit, :update, :destroy]
before_action :authenticate_user!, except: [:index, :show, :search]
respond_to :html, :json
# GET /articles
# GET /articles.json
def index
query = params[:query].presence || "*"
@articles = Article.search(query)
end
# def index
# if params[:query].present?
# @books = Book.search(params[:query], page: params[:page])
# else
# @books = Book.all.page params[:page]
# end
# end
# GET /articles/1
# GET /articles/1.json
def show
end
# GET /articles/new
def new
@article = Article.new
@article.comments.build
end
# GET /articles/1/edit
def edit
end
# POST /articles
# POST /articles.json
def create
# before_action :authenticate_user!
# authorize @article
@article = Article.new(article_params)
respond_to do |format|
if @article.save
format.html { redirect_to(@article) }
format.json { render :show, status: :created, location: @article }
else
format.html { render :new }
format.json { render json: @article.errors, status: :unprocessable_entity }
end
end
end
def search
if params[:search].present?
@articless = Article.search(params[:search])
else
@articles = Articles.all
end
end
# PATCH/PUT /articles/1
# PATCH/PUT /articles/1.json
def update
# before_action :authenticate_user!
authorize @article
respond_to do |format|
# if @article.update(article_params)
# format.json { render :show, status: :ok, location: @article }
# else
# format.html { render :edit }
# format.json { render json: @article.errors, status: :unprocessable_entity }
# end
# end
if @article.update(article_params)
format.json { render :show, status: :ok, location: @article }
else
format.json { render json: @article.errors, status: :unprocessable_entity }
end
format.html { render :edit }
end
end
# DELETE /articles/1
# DELETE /articles/1.json
def destroy
before_action :authenticate_user!
authorize @article
@article.destroy
respond_to do |format|
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_article
@article = Article.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def article_params
params[:article].permit(:user_id, :body, :title, :image, :tag_list,
comment_attributes: [:opinion])
end
end