我已经安装了设计。
我做了,
rails g cancan:ability
这是我在app / models中获得的Ability类
class Ability
include CanCan::Ability
def initialize(user)
# Define abilities for the passed in user here. For example:
#
# user ||= User.new # guest user (not logged in)
# if user.admin?
# can :manage, :all
# else
# can :read, :all
# end
#
# The first argument to `can` is the action you are giving the user permission to do.
# If you pass :manage it will apply to every action. Other common actions here are
# :read, :create, :update and :destroy.
#
# The second argument is the resource the user can perform the action on. If you pass
# :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
#
# The third argument is an optional hash of conditions to further filter the objects.
# For example, here the user can only update published articles.
#
# can :update, Article, :published => true
#
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
end
end
帖子表
Table "public.posts"
Column | Type | Modifiers
-------------+------------------------+----------------------------------------------------
id | integer | not null default nextval('posts_id_seq'::regclass)
title | character varying(100) | not null
content | character varying(500) | not null
created_at | date |
updated_at | date |
tags | character varying(55) | not null default '50'::character varying
category_id | integer | not null default 1
user_id | integer |
Indexes:
"posts_pkey" PRIMARY KEY, btree (id)
用户表
Table "public.users"
Column | Type | Modifiers
------------------------+-----------------------------+----------------------------------------------------
id | integer | not null default nextval('users_id_seq'::regclass)
email | character varying(255) | not null default ''::character varying
encrypted_password | character varying(128) | not null default ''::character varying
reset_password_token | character varying(255) |
reset_password_sent_at | timestamp without time zone |
remember_created_at | timestamp without time zone |
sign_in_count | integer | default 0
current_sign_in_at | timestamp without time zone |
last_sign_in_at | timestamp without time zone |
current_sign_in_ip | character varying(255) |
last_sign_in_ip | character varying(255) |
confirmation_token | character varying(255) |
confirmed_at | timestamp without time zone |
confirmation_sent_at | timestamp without time zone |
username | character varying(255) | not null
is_admin | boolean | default false
created_at | timestamp without time zone |
updated_at | timestamp without time zone |
Indexes:
"users_pkey" PRIMARY KEY, btree (id)
"index_users_on_confirmation_token" UNIQUE, btree (confirmation_token)
"index_users_on_email" UNIQUE, btree (email)
"index_users_on_reset_password_token" UNIQUE, btree (reset_password_token)
"index_users_on_username" UNIQUE, btree (username)
现在我如何设置cancan来允许/拒绝PostController,CommentsController的某些动作?如果user.is_admin = true那么用户可以编辑,删除帖子,评论。否则普通用户只能在注册后添加帖子。任何访客用户都可以对任何帖子发表评论。
在PostsController中我有
before_filter :authenticate_user! , :except => [:index, :show, :bla1, :bla2, :bla3, :bla4, :bla5, :bla6, :bla7, :bla8, :bla9]
在每个控制器中我都必须编写这样的线,这很乏味。是否有任何捷径方法可以减少每个控制器中的这条线?
答案 0 :(得分:2)
你应该以这种方式设置你的能力。
class Ability
include CanCan::Ability
def initialize(user)
# rules for admin
if user.is_admin?
#if admin can do anything
can :manage, :all
#if admin can only edit and destroy posts and comments
can :edit, Post
can :destroy, Post
can :edit, Comment
can :destroy, Comment
end
#rules for registred user
can :create, Post
end
end
并在你的控制器中
class PostsController < ApplicationController
authorize_resource :except => show
end
class CommentsController < ApplicationController
authorize_resource :only => [:edit,:update,:destroy]
end
希望它会有所帮助。 :)