如何允许管理员用户访问客户用户对象导轨
[英]How to allow Admin user to access customer user objects rails
问题描述
I have a report object that belongs_to a customer(user_type). 
我有一个属于客户(用户类型)的报告对象。 I have it setup so that the customer is able to grant or remove permission from an admin to see the customers report. 我进行了设置,以便客户能够授予或删除管理员查看客户报告的权限。 I need to know what steps or direction do I need to take to get the reports viewable to the admin user. 我需要知道我需要采取什么步骤或方向才能使报告对管理员用户可见。 The admin user should only have the ability to see reports (show) and see an index of reports that they have access to. 管理员用户应该只能查看报告(显示)并查看他们有权访问的报告索引。
I am thinking maybe I should create a new controller but I am not sure if that is correct or how to do another controller tied to an object that already has a controller. 我在想也许我应该创建一个新的控制器,但是我不确定这是否正确,或者不确定如何与已具有控制器的对象绑定另一个控制器。
1 个解决方案
解决方案1
2 已采纳 2015-07-23 04:14:49
I highly suggest looking into the CanCanCan gem (the continuation of the CanCan gem which is no longer supported). 我强烈建议您调查CanCanCan宝石(不再支持CanCan宝石的延续)。 In this way your code would look something like this in the end (you didn't post any code, so I have to make assumptions about your variables and such): 这样,您的代码最终将看起来像这样(您没有发布任何代码,因此我必须对变量等进行假设):
<% if current_user.admin? %>
<% if can? :view_report, @customer %>
<!-- Render the report to this admin -->
<!-- ............................. -->
<% end %>
<% end %>
And then you would have something like this in your controller to give an admin permission to view the user's report: 然后,您将在控制器中拥有类似的权限,以授予管理员查看用户报告的权限:
def handle_report
can [:show], Report, :user_id => user.id
if current_user.admin?
can :manage, :current_report
end
end
Again, apologies for guessing the variables. 再次道歉,猜测这些变量。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.