cancan ability : allow site admin with rolify role create_user to create or sign_up new devise users
For the application, I am trying to implement job_code style access using cancan/cancancan, devise and rolify.
Only site admins with job_code :create_user will be able to create new users.
Following is the code:

    class RegistrationsController < Devise::RegistrationsController
      # Run the CanCan check before the sign-up actions
      before_filter :check_permissions, :only => [ :new, :create, :cancel ]
      # Let an already signed-in user (the site admin) reach these actions
      skip_before_filter :require_no_authentication

      def check_permissions
        authorize! :create, resource
      end
    end

    class Ability
      include CanCan::Ability

      def initialize(user)
        alias_action :create, :read, :update, :destroy, :to => :crud

        # Each rolify role acts as a job_code that unlocks one ability
        if user.has_role? :create_user
          can :create, User
        end
        if user.has_role? :create_annoucement
          can :create, Announcement
        end
      end
    end

In routes.rb, I have

    devise_for :users, :controllers => { :registrations => "registrations" }, :path_names => { :sign_in => "login", :sign_out => "logout" }, :path => "account"

Application Controller

    class ApplicationController < ActionController::Base
      # Prevent CSRF attacks by raising an exception.
      # For APIs, you may want to use :null_session instead.
      protect_from_forgery with: :exception
      before_action :authenticate_user!
      check_authorization unless: :devise_controller?
      before_filter :set_start_time if Rails.env.development?
      before_action :configure_permitted_parameters, if: :devise_controller?

      rescue_from CanCan::AccessDenied do |exception|
        # https://github.com/ryanb/cancan/wiki/Devise
        if current_user.nil?
          session[:next] = request.fullpath
          puts session[:next]
          redirect_to new_user_session_path, :alert => "You have to log in to continue."
        else
          render file: "#{Rails.root}/public/403", formats: [:html], status: 403, layout: false
        end
      end

      def set_start_time
        @start_time = Time.now.usec
      end

      def configure_permitted_parameters
        #devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:name, :email) }
        devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :email, :password, :password_confirmation) }
        devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:first_name, :last_name, :email, :password, :password_confirmation, :current_password, :user_manual) }
      end
    end

When I use the following code in abilities.rb

    if user.has_role? :create_user
      can :create, :all
    end

it works perfectly. It takes me to User sign_up page
but, when I have this code

    if user.has_role? :create_user
      can :create, User
    end

it says Access Denied (403 page).
I am having a hard time figuring out what I should use instead of User in can :create, User

I had to add the :read permission along with :create to access the new/create actions, and then resolve the :read access.