专家用于铁路故障配置

时间:2016-02-03 12:23:19

标签: ruby-on-rails ruby ruby-on-rails-4 pundit

我已经使用rails 4.2.4构建了一个Web应用程序,设计了一个脚架,用户可以在其中使用CRUD引脚。

我正准备自己试图让专家工作,以便只有管理员可以CRUD一个引脚,所有用户都登录或访客只能查看,不能创建,更新或销毁。

我得到一连串的错误,比如> enter image description here

事实:

我有2个型号pin.rb和user.rb

我有一个pins_controller.rb

我完成了迁移add_admin_to_users.rb(我需要在控制台中进一步干预以便为管理员设置一些内容除此之外)

我可以获得语法和失败方法的帮助

class ApplicationPolicy
  attr_reader :user, :pin

  def initialize(user, pin)
    raise Pundit::NotAuthorizedError, "must be logged in" unless user
    @user = user
    @pin = pin
  end

  def index?
    true
  end

  def show?
    scope.where(:id => record.id).exists?
  end

  def create?
    user.admin? 
  end

  def new?
    user.admin? 
  end

  def update?
    user.admin? 
  end

  def edit?
    update?
  end

  def destroy?
    user.admin? 
  end

  def scope
    Pundit.policy_scope!(user, record.class)
  end

  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      scope
    end
  end
end
  

块引用

class PinsController < ApplicationController
  before_action :set_pin, only: [:show, :edit, :update, :destroy]
  before_action :correct_user, only: [:edit, :update, :destroy]
  before_action :authenticate_user!, except: [:index, :show]

  def index
    if params[:search].present? && !params[:search].nil?
      @pins = Pin.where("description LIKE ?", "%#{params[:search]}%").paginate(:page => params[:page], :per_page => 15)
    else
      @pins = Pin.all.order("created_at DESC").paginate(:page => params[:page], :per_page => 15)
    end
  end


  def show

  end


  def new
    @pin = current_user.pins.build
  end


  def edit
  end


  def create
    @pin = current_user.pins.build(pin_params)
    if @pin.save
      redirect_to @pin, notice: 'Pin was successfully created.'
    else
      render :new
    end
  end


  def update
    if @pin.update(pin_params)
      redirect_to @pin, notice: 'Pin was successfully updated.'
    else
      render :edit
    end
  end


  def destroy
    @pin.destroy
    redirect_to pins_url
  end


private
    # Use callbacks to share common setup or constraints between actions.
    def set_pin
      @pin = Pin.find_by(id: params[:id])
    end

    def correct_user
      @pin = current_user.pins.find_by(id: params[:id])
      redirect_to pins_path, notice: "Not authorized to edit this pin" if @pin.nil?
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def pin_params
      params.require(:pin).permit(:description, :image)
    end
end
  

块引用

class ApplicationController < ActionController::Base
 include Pundit
 rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
 protect_from_forgery with: :exception
 before_filter :configure_permitted_parameters, if: :devise_controller?

 protected

 def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :name
    devise_parameter_sanitizer.for(:account_update) << :name
 end

 private

 def user_not_authorized
   flash[:warning] = "You are not authorized to perform this action."
   redirect_to(request.referrer || root_path)
 end
end

1 个答案:

答案 0 :(得分:2)

错误最有可能发生在这样的事实上,即,如异常所述,没有PinPolicy类。除了一般ApplicationPolicy之外,您还应该为每个资源(继承自主ApplicationPolicy)定义策略。

将其添加到/policies目录下:

class PinPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
      return scope if user.admin?
      fail 'scope is not defined'
    end
  end
end
相关问题
最新问题