[英]Using gem pundit, why author of a post cannot edit or delete it in Ruby on Rails 4.0.2?
I am newbie to rails using ruby
1.9.3 and rails
4.0.2 and pundit
0.2.1 我是使用
ruby
1.9.3, rails
4.0.2和pundit
0.2.1的rails
新手
The post model consists of: 职位模型包括:
belongs_to :user
The user model is generated by using devise
gem (and does not have has_many :posts
) 通过使用产生的用户模型
devise
的宝石(和不具备has_many :posts
)
devise :database_authenticatable, :registerable,
:rememberable, :trackable, :validatable
I did rake db:drop db:create db:migrate
and my schema.rb
now has user_id
in posts
table. 我做了
rake db:drop db:create db:migrate
,我的schema.rb
现在在posts
表中有user_id
。
Then I followed this blog for using gem pundit
然后,我跟随这个博客使用gem
pundit
I have exactly the same code shown in that blog. 我在该博客中显示的代码完全相同。 Furthermore I added this to my post controller actions:
此外,我将此添加到我的后控制器操作中:
def create
@post = Post.new(params[:post].permit(:title, :text))
authorize @post
if @post.save
redirect_to @post
else
render 'new'
end
end
def edit
@post = Post.find(params[:id])
authorize @post
end
def update
@post = Post.find(params[:id])
authorize @post
if @post.update(params[:post].permit(:title, :text))
redirect_to @post
else
render 'edit'
end
end
def destroy
@post = Post.find(params[:id])
authorize @post
@post.destroy
redirect_to posts_path
end
I am not getting any kind of error( NoMethodError
like I got when I used cancan
gem). 我没有收到任何类型的错误(
NoMethodError
觉得我有,当我用cancan
宝石)。
But no user , not even the author of post, is able to edit and destroy his post. 但是, 没有用户甚至帖子的作者都无法编辑和销毁其帖子。
It simply shows Couldn't find post
. 它只是表明
Couldn't find post
。 (which is alert message from rescue_from
Pundit::NotAuthorizedError
) (这是来自
Pundit::NotAuthorizedError
rescue_from
警报消息)
I tried changing logic in PostPolicy
owned
method which is there in blog post but it didn't work. 我尝试在
PostPolicy
owned
方法中更改逻辑, PostPolicy
方法在博客文章中存在,但没有用。
With these models and schema, how can I achieve this simple authorization (only author of post should be able to edit and delete his post) without using any gems? 使用这些模型和模式,如何在不使用任何gem的情况下实现这种简单的授权(只有帖子的作者才可以编辑和删除其帖子)?
I tried other similar questions over here but none worked for me. 我在这里尝试了其他类似的问题,但没有一个对我有用。
As my authorization is working, now i am struggling customising views
specifically edit
and destroy
links for posts index.html.erb
由于授权工作正常,现在我正在努力定制
views
尤其是edit
和destroy
帖子index.html.erb
链接
Only Author of a post must be shown edit and delete links for his posts. 仅必须显示帖子的作者,才能显示其帖子的编辑和删除链接。
I followed elabs/pundit for customising views by using policy method. 我跟随elabs / pundit使用策略方法来自定义视图。
Here is my code for post_policy.rb
这是我的
post_policy.rb
代码
class PostPolicy < Struct.new(:user, :post)
def owned
post.user_id == user.id
end
def create?
post.user_id = user.id
new?
end
def new?
true
end
def update?
edit?
end
def edit?
owned
end
def destroy?
owned
end
end
And this is the code in post index.html.erb
这是发布
index.html.erb
的代码
<% if policy(Post).edit? %>
<td><%= link_to 'Edit', edit_post_path(post) %></td>
<% end %>
<% if policy(Post).destroy? %>
<td><%= link_to 'Destroy', post_path(post), method: :delete, data: { confirm: 'Are you sure?' } %></td>
<% end %>
According to pundit documentation on elabs/pundit it says we can get instance of the policy
through the policy
method in both the view
and controller
. 根据elabs / pundit上的pundit文档,它说我们可以通过
view
和controller
的policy
方法获取该policy
实例。
For me it gives NoMethodError in Posts#index
and undefined method user_id for <Class:0x22d64d8>
对我来说,它
NoMethodError in Posts#index
给出NoMethodError in Posts#index
undefined method user_id for <Class:0x22d64d8>
I have user_id field in post. 我在帖子中有user_id字段。 I think i need to pass @post with policy for getting that user_id.
我认为我需要通过@post并附上获取该user_id的政策。 I tried other ways but no success.
我尝试了其他方法,但没有成功。
Thanks Uri for editing the question. 感谢Uri编辑问题。
Thanks a ton Andy for guiding me properly. 感谢吨安迪正确地指导我。 As you said the
user_id
was nil for new post created. 如您所说,对于创建的新帖子,
user_id
为零。 I just assigned current user's id to post.user_id
in create
method 我只是在
create
方法post.user_id
当前用户的ID分配给post.user_id
def create?
post.user_id = user.id
new?
end
in 在
post_policy.rb
All my auhtorizations are now working fine. 我所有的自动化工作现在都很好。
But now I am struggling with policy method used for customising views. 但是现在,我正在努力使用用于自定义视图的策略方法。 I have edited the question accordingly along with code.
我已经对问题以及代码进行了相应的编辑。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.