我正在使用cancan(can)并设计我的Ruby on Rails应用程序中的用户权限。我的用户模型具有四个枚举角色:
class User < ApplicationRecord
enum role: {location: 0, basic: 1, admin: 2, moderator: 3}
我想做的是定义每个角色在capability.rb中可以控制的角色。
我的Capacity.rb当前如下所示:
if user.basic?
can :read, :all
can :active_orders_index, Order
can :search_orders, Order
can :focused_show, Location
can :mark_task_completed, Task
can :finish_task, Task
cannot :create, User
elsif user.location?
can :read, Location
can :focused_show, Location
elsif user.admin?
can :manage, :all
elsif user.moderator?
can :manage, :all
end
在此示例中,我试图做的是阻止基本用户创建用户。在这种当前形式下,基本用户 能够创建用户(由于未经授权而无法重定向),这不是理想的效果。我相信这是因为:create方法来自我的User控制器,并未用于制作用户。我正在使用Devise的new_user_registration进行新注册。
问题的最简单形式:
有没有办法做类似的事情->
cannot :sign_up, User.where(:role => 'moderator')
我可以指定哪些角色可以管理其他哪些角色?
我应该使用什么Devise控制器/方法来设置这些限制?
很抱歉,如果我已经回答了这个问题,我在Wiki上阅读了有关定义能力和设计的内容,但无法弄清。
预先感谢,我可以提供其他需要帮助的代码段!
应用程序控制器:我已注释掉负载并授权并将其移至其他控制器的开头,因为它引起了不良行为(我不记得确切的含义)。
class ApplicationController < ActionController::Base
#load_and_authorize_resource
protect_from_forgery with: :exception
before_action :configure_permitted_parameters, if: :devise_controller?
rescue_from CanCan::AccessDenied do |exception|
respond_to do |format|
format.json { head :forbidden, content_type: 'text/html' }
format.html { redirect_to main_app.new_user_session_url, notice: exception.message }
format.js { head :forbidden, content_type: 'text/html' }
end
end
def after_sign_in_path_for(resource)
if resource.role == 'location'
location_focused_path(Location.find_by(name: resource.username))
elsif resource.role == 'basic'
locations_path
elsif resource.role == 'admin'
active_orders_path
elsif resource.role == 'moderator'
active_orders_path
end
end
protected
def configure_permitted_parameters
added_atrs = [:role, :username, :email]
devise_parameter_sanitizer.permit(:sign_up, keys: added_atrs)
devise_parameter_sanitizer.permit(:account_update, keys: added_atrs)
end
end
注册控制器: 由Devise生成
class Users::RegistrationsController < Devise::RegistrationsController
#load_and_authorize_resource
skip_before_action :require_no_authentication, only: [:new, :create, :cancel]
# POST /resource
def create
build_resource(sign_up_params)
# yield resource if block_given?
# ^ I removed this line otherwise identical to teh source code
resource.save
if resource.persisted?
if resource.active_for_authentication?
set_flash_message! :notice, :signed_up
sign_up(resource_name, resource)
respond_with resource, location: after_sign_up_path_for(resource)
else
set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}"
expire_data_after_sign_in!
respond_with resource, location: after_inactive_sign_up_path_for(resource)
end
else
clean_up_passwords resource
set_minimum_password_length
respond_with resource
end
end
# Signs in a user on sign up. You can overwrite this method in your own
# RegistrationsController.
def sign_up(resource_name, resource)
true
end
end
答案 0 :(得分:0)
答案很简单:
$GIT_DIR/info/attributes以我的能力。rb