该项目使用cancancan gem 2.0.0。我在我的控制器中有两个动作,它们都显示文章列表,并在列表中共享部分内容。这是我可以指出问题的能力的简化版本:
Article.rb
session_start();
require_once 'Users.php';
require_once 'comments.php';
$Users = new Users();
try {
require "dbconfig.php";
$conn = new PDO(stuff);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e){
exit($e->getMessage());
}
$email = $_POST['email'];
$password = $_POST['password'];
$_SESSION['presets'] = array($_POST);
$valid = true;
$messages = array();
if(empty($email)) {
$messages[] = "Please enter a display name";
$valid = false;
}
if(empty($password)) {
$messages[] = "Please enter a password";
$valid = false;
}
if(!isset($error)){
$query = $conn->prepare("SELECT password FROM users WHERE email=?");
$query->execute(array($_POST['email']));
if($query->fetchColumn() === $_POST['password']) //better to hash it
{
// starts the session created if login info is correct
session_start();
$_SESSION['display_name'] = $_POST['display_name'];
$messages[] = "login successful";
exit;
}
else {
$valid = false;
$messages[] = "Email and Password do not match or do not exist";
header("Location: userpage.php");
exit;
}
}
if (!$valid) {
$_SESSION['sentiment'] = "bad";
$_SESSION['messages'] = $messages;
header("Location:login.php");
exit;
}
$messages[]="it worked";
$_SESSION['messages'] = $messages;
exit;
Ability.rb
class Article < ApplicationRecord
scope :archived, -> {where("archived = TRUE")}
end
问题在于第二种能力定义了:流行的,以某种方式覆盖了之前的块能力和&#34; archived_access&#34;用户最终能够:编辑和:更新未归档的文章&#34;。
重要的是要记住,文章表的记录超过50万条,因此针对数据库的调用必须尽可能优化。
让我知道你的想法,欢迎任何有关如何使这项工作的想法!