I'm using CanCanCan, and in my ability.rb file I have this:
class Ability
  include CanCan::Ability

  def initialize(user)
    alias_action :vote_up, :vote_down, to: :vote
    user ||= User.new # guest user (not logged in)
    if user.admin?
      can :manage, :all
    else
      can :manage, Question, user_id: user.id
      can :manage, Answer, user_id: user.id
      can :manage, Job, user_id: user.id
      can :manage, Company, user_id: user.id
      can :read, :all
      # the block receives a User record, so compare ids rather than the record with an id
      cannot :read, User do |u|
        u.id != user.id
      end
      can :vote, [Question, Answer]
    end
  end
end
But when I try to vote as a user who does not own the question, it is rejected. For example, when I'm logged in as abc@test.com, this is what the log looks like when voting:
Started POST "/questions/yet-another-hello-world/vote_up" for ::1 at 2016-06-14 23:45:13 -0500
Processing by QuestionsController#vote_up as JS
Parameters: {"id"=>"yet-another-hello-world"}
User Load (2.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 1546], ["LIMIT", 1]]
Question Load (4.8ms) SELECT "questions".* FROM "questions" WHERE "questions"."user_id" = $1 AND "questions"."slug" = $2 ORDER BY "questions"."id" ASC LIMIT $3 [["user_id", 1546], ["slug", "yet-another-hello-world"], ["LIMIT", 1]]
Answer Load (1.4ms) SELECT "answers".* FROM "answers" WHERE "answers"."question_id" = 43
(1.3ms) SELECT COUNT(*) FROM "votes" WHERE "votes"."votable_id" = $1 AND "votes"."votable_type" = $2 AND "votes"."voter_id" = $3 AND "votes"."vote_scope" IS NULL AND "votes"."voter_type" = $4 [["votable_id", 43], ["votable_type", "Question"], ["voter_id", 1546], ["voter_type", "User"]]
(0.7ms) BEGIN
SQL (3.8ms) INSERT INTO "votes" ("votable_type", "votable_id", "voter_type", "voter_id", "vote_flag", "vote_weight", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING "id" [["votable_type", "Question"], ["votable_id", 43], ["voter_type", "User"], ["voter_id", 1546], ["vote_flag", true], ["vote_weight", 1], ["created_at", 2016-06-15 04:45:13 UTC], ["updated_at", 2016-06-15 04:45:13 UTC]]
(0.9ms) COMMIT
(1.3ms) SELECT COUNT(*) FROM "votes" WHERE "votes"."votable_id" = $1 AND "votes"."votable_type" = $2 AND "votes"."vote_scope" IS NULL [["votable_id", 43], ["votable_type", "Question"]]
(1.4ms) SELECT COUNT(*) FROM "votes" WHERE "votes"."votable_id" = $1 AND "votes"."votable_type" = $2 AND "votes"."vote_flag" = $3 AND "votes"."vote_scope" IS NULL [["votable_id", 43], ["votable_type", "Question"], ["vote_flag", true]]
(1.4ms) SELECT COUNT(*) FROM "votes" WHERE "votes"."votable_id" = $1 AND "votes"."votable_type" = $2 AND "votes"."vote_flag" = $3 AND "votes"."vote_scope" IS NULL [["votable_id", 43], ["votable_type", "Question"], ["vote_flag", false]]
(1.6ms) SELECT SUM("votes"."vote_weight") FROM "votes" WHERE "votes"."votable_id" = $1 AND "votes"."votable_type" = $2 AND "votes"."vote_flag" = $3 AND "votes"."vote_scope" IS NULL [["votable_id", 43], ["votable_type", "Question"], ["vote_flag", true]]
(1.5ms) SELECT SUM("votes"."vote_weight") FROM "votes" WHERE "votes"."votable_id" = $1 AND "votes"."votable_type" = $2 AND "votes"."vote_flag" = $3 AND "votes"."vote_scope" IS NULL [["votable_id", 43], ["votable_type", "Question"], ["vote_flag", false]]
CACHE (0.0ms) SELECT SUM("votes"."vote_weight") FROM "votes" WHERE "votes"."votable_id" = $1 AND "votes"."votable_type" = $2 AND "votes"."vote_flag" = $3 AND "votes"."vote_scope" IS NULL [["votable_id", 43], ["votable_type", "Question"], ["vote_flag", true]]
CACHE (0.0ms) SELECT SUM("votes"."vote_weight") FROM "votes" WHERE "votes"."votable_id" = $1 AND "votes"."votable_type" = $2 AND "votes"."vote_flag" = $3 AND "votes"."vote_scope" IS NULL [["votable_id", 43], ["votable_type", "Question"], ["vote_flag", false]]
(0.8ms) BEGIN
SQL (2.1ms) UPDATE "questions" SET "cached_votes_total" = $1, "cached_votes_up" = $2, "cached_votes_score" = $3, "cached_weighted_total" = $4, "cached_weighted_score" = $5, "updated_at" = $6 WHERE "questions"."id" = $7 [["cached_votes_total", 1], ["cached_votes_up", 1], ["cached_votes_score", 1], ["cached_weighted_total", 1], ["cached_weighted_score", 1], ["updated_at", 2016-06-15 04:45:13 UTC], ["id", 43]]
(1.5ms) COMMIT
Rendering questions/vote_up.js.erb
Rendered questions/vote_up.js.erb (1.3ms)
Completed 200 OK in 69ms (Views: 14.8ms | ActiveRecord: 26.9ms)
This is normal and works fine.
But if I log in as a different user and try to vote_up the same question, this is what the log looks like:
Started POST "/questions/yet-another-hello-world/vote_up" for ::1 at 2016-06-14 23:46:40 -0500
Processing by QuestionsController#vote_up as JS
Parameters: {"id"=>"yet-another-hello-world"}
User Load (2.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 1547], ["LIMIT", 1]]
Question Load (3.2ms) SELECT "questions".* FROM "questions" WHERE "questions"."user_id" = $1 AND "questions"."slug" = $2 ORDER BY "questions"."id" ASC LIMIT $3 [["user_id", 1547], ["slug", "yet-another-hello-world"], ["LIMIT", 1]]
Completed 404 Not Found in 14ms (ActiveRecord: 5.3ms)
ActiveRecord::RecordNotFound - ActiveRecord::RecordNotFound:
friendly_id (5.1.0) lib/friendly_id/finder_methods.rb:23:in `find'
app/controllers/questions_controller.rb:123:in `set_question'
You can see that it is checking whether the question belongs to current_user in my controller, and it fails here:
def set_question
  @question = current_user.questions.includes(:answers).friendly.find(params[:id])
end
Thoughts?
Answer 0 (score: 2)
  @question = current_user.questions.includes(:answers).friendly.find(params[:id])
This is where it goes wrong, because current_user does not own the question, so it cannot find the question by question_id and user_id. You can see what the query does in the log:
  SELECT "questions".* FROM "questions" WHERE "questions"."user_id" = $1 AND "questions"."slug" = $2 ORDER BY "questions"."id" ASC LIMIT $3 [["user_id", 1547], ["slug", "yet-another-hello-world"], ["LIMIT", 1]]
Change the question lookup query to:
  @question = Question.includes(:answers).friendly.find(params[:id])
Now all users can vote on a question, even if the question does not belong to them.
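The following is an added example (not code from the question, the answer, or CanCanCan) that reproduces the two behaviours above with plain Ruby objects. MiniAbility is an assumed stand-in for the part of CanCanCan's rule evaluation the ability relies on (later rules win, :manage covers every action, hash conditions are compared against record attributes); the User/Question records, QUESTIONS data and the perform helper are constructed here. It shows why the owner-scoped finder produces RecordNotFound for a voter who does not own the question, and that once the finder is unscoped, per-action access control (vote allowed for everyone, update/destroy only for the owner) comes from the ability check that the controller must still run.

```ruby
# Added example, not from the question, the answer or CanCanCan itself.
User = Struct.new(:id, :admin) do
  def admin?
    !!admin
  end
end
Question = Struct.new(:id, :user_id, :slug)

class RecordNotFound < StandardError; end

# Assumed stand-in for the subset of CanCan::Ability used here:
# alias_action, can, cannot and can?.
class MiniAbility
  Rule = Struct.new(:permit, :actions, :subjects, :conditions, :block)

  def initialize
    @rules = []
    @aliases = {}
  end

  def alias_action(*actions, to:)
    @aliases[to] = actions
  end

  def can(actions, subjects, conditions = nil, &block)
    @rules << Rule.new(true, Array(actions), Array(subjects), conditions, block)
  end

  def cannot(actions, subjects, conditions = nil, &block)
    @rules << Rule.new(false, Array(actions), Array(subjects), conditions, block)
  end

  # The last matching rule decides, so a later cannot overrides an earlier can.
  def can?(action, subject)
    matching = @rules.select { |rule| matches?(rule, action, subject) }
    matching.empty? ? false : matching.last.permit
  end

  private

  def matches?(rule, action, subject)
    expanded = rule.actions.flat_map { |a| [a] + (@aliases[a] || []) }
    return false unless expanded.include?(:manage) || expanded.include?(action)

    klass = subject.is_a?(Class) ? subject : subject.class
    return false unless rule.subjects.include?(:all) || rule.subjects.include?(klass)
    return true if subject.is_a?(Class) # class-level check, conditions not evaluated

    return rule.conditions.all? { |attr, value| subject.public_send(attr) == value } if rule.conditions
    rule.block ? rule.block.call(subject) : true
  end
end

# The asker's ability, reduced to the rules that matter for questions.
class Ability < MiniAbility
  def initialize(user)
    super()
    alias_action :vote_up, :vote_down, to: :vote
    user ||= User.new(nil, false) # guest user (not logged in)
    if user.admin?
      can :manage, :all
    else
      can :manage, Question, user_id: user.id # owner may edit/delete own questions
      can :read, :all
      can :vote, Question # voting does not depend on ownership
    end
  end
end

# Constructed sample data using the ids from the logs: question 43 belongs to user 1546.
QUESTIONS = [Question.new(43, 1546, "yet-another-hello-world")].freeze

# The asker's finder: limited to current_user's own questions, so a non-owner
# gets RecordNotFound, which Rails renders as the 404 in the second log.
def find_owned_question(current_user, slug)
  QUESTIONS.find { |q| q.user_id == current_user.id && q.slug == slug } || raise(RecordNotFound)
end

# The answer's finder: any question by slug. Access control now rests on the ability.
def find_any_question(slug)
  QUESTIONS.find { |q| q.slug == slug } || raise(RecordNotFound)
end

# Controller-style action: unscoped find, then an explicit ability check.
# Returns :ok, :forbidden or :not_found.
def perform(action, current_user, slug)
  question = find_any_question(slug)
  Ability.new(current_user).can?(action, question) ? :ok : :forbidden
rescue RecordNotFound
  :not_found
end

if __FILE__ == $PROGRAM_NAME
  other = User.new(1547, false)
  puts perform(:vote_up, other, "yet-another-hello-world") # ok
  puts perform(:update, other, "yet-another-hello-world")  # forbidden
end
```

In a real controller the same shape is `@question = Question.friendly.find(params[:id])` followed by `authorize! :vote, @question` (or `load_and_authorize_resource`), so that a set_question shared by edit/update/destroy does not silently lose the ownership restriction the scoped finder used to provide.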