每次我在这里提交一个表格(我脚手架)localhost:3000 / syllabus_requests / new
来自Pundit :: NotAuthorizedError的急救,带有::user_not_authorized 从我的ApplicationController.rb文件中获取,我不知道为什么,因为在策略类中有一个创建的?方法并返回true
我正在使用 红宝石'2.3.1' gem'rails','〜> 5.0.0','> = 5.0.0.1' 宝石'pundit','〜> 1.1'
我有政策
class SyllabusRequestPolicy < ApplicationPolicy
attr_reader :current_user, :model
def initialize(current_user, model)
@current_user = current_user || User.new
@model = model #this is the syllabus_request record from the syllabus_requests table as a rails model object
end
def index?
@current_user.role == "admin"
end
def show?
@current_user.role == "admin"
end
def create?
true
end
def edit?
@current_user.role == "admin"
end
def update?
@current_user.role == "admin"
end
def destroy?
@current_user.role == "admin"
end
end
我有一个控制器
class SyllabusRequestsController < ApplicationController
before_action :set_syllabus_request, only: [:show, :edit, :update, :destroy]
# GET /syllabus_requests
# GET /syllabus_requests.json
def index
@syllabus_requests = SyllabusRequest.all
authorize @syllabus_requests
end
# GET /syllabus_requests/1
# GET /syllabus_requests/1.json
def show
authorize @syllabus_request
end
# GET /syllabus_requests/new
def new
@syllabus_request = SyllabusRequest.new
authorize @syllabus_request
end
# GET /syllabus_requests/1/edit
def edit
authorize @syllabus_request
end
# POST /syllabus_requests
# POST /syllabus_requests.json
def create
@syllabus_request = SyllabusRequest.new(syllabus_request_params)
authorize @syllabus_request
respond_to do |format|
if @syllabus_request.save
format.html { redirect_to @syllabus_request, notice: 'Syllabus request was successfully created.' }
format.json { render :show, status: :created, location: @syllabus_request }
else
format.html { render :new }
format.json { render json: @syllabus_request.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /syllabus_requests/1
# PATCH/PUT /syllabus_requests/1.json
def update
authorize @syllabus_request
respond_to do |format|
if @syllabus_request.update(syllabus_request_params)
format.html { redirect_to @syllabus_request, notice: 'Syllabus request was successfully updated.' }
format.json { render :show, status: :ok, location: @syllabus_request }
else
format.html { render :edit }
format.json { render json: @syllabus_request.errors, status: :unprocessable_entity }
end
end
end
# DELETE /syllabus_requests/1
# DELETE /syllabus_requests/1.json
def destroy
authorize @syllabus_request
@syllabus_request.destroy
respond_to do |format|
format.html { redirect_to syllabus_requests_url, notice: 'Syllabus request was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_syllabus_request
@syllabus_request = SyllabusRequest.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def syllabus_request_params
params.require(:syllabus_request).permit(:full_name, :email)
end
end
我的ApplicationPolicy.rb文件看起来像这样
class ApplicationPolicy
attr_reader :user, :record
def initialize(user, record)
@user = user
@record = record
end
def index?
false
end
def show?
scope.where(:id => record.id).exists?
end
def create?
binding.pry # this should not hit if I'm overriding it
false
end
def new?
binding.pry
create?
end
def update?
false
end
def edit?
update?
end
def destroy?
false
end
def scope
Pundit.policy_scope!(user, record.class)
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
scope
end
end
end
我的ApplicationController.rb看起来像这样
include Pundit
protect_from_forgery with: :exception
before_action :configure_permitted_parameters, if: :devise_controller?
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
devise_parameter_sanitizer.permit(:account_update, keys: [:name])
end
private
def user_not_authorized
# binding.pry
flash[:alert] = "You are not authorized to perform this action."
redirect_to(request.referrer || root_path)
end
end
答案 0 :(得分:0)
您是否尝试添加新的?您的SyllabusRequestPolicy中的方法?