CanCanCanbility.rb中的零用户
[英]Nil user in CanCanCan ability.rb
问题描述
Trying to get an async request working from a React component. 
试图从React组件获取一个异步请求。 However it always fails due to invalid permissions. 但是,由于权限无效,它总是会失败。
Example working request: 工作要求示例:
Started GET "/" for 127.0.0.1 at 2017-10-04 16:32:00 -0400
Processing by EventsController#index as HTML
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 1], ["LIMIT", 1]]
Rendering events/index.html.erb within layouts/application
Example failing async request: 失败的异步请求示例:
Started GET "/events/search?ne_lat=37.82915414554321&ne_lng=-122.13221051635742&sw_lat=37.72060601151162&sw_lng=-122.70658948364257" for 127.0.0.1 at 2017-10-04 16:32:07 -0400
Processing by EventsController#search as */*
Parameters: {"ne_lat"=>"37.82915414554321", "ne_lng"=>"-122.13221051635742", "sw_lat"=>"37.72060601151162", "sw_lng"=>"-122.70658948364257"}
... #NOTE: printing 'user' from byebug in ability.rb shows it as nil
CanCan::AccessDenied (You are not authorized to access this page.):
Note that the failing request does not select/load the user from a DB query. 请注意,失败的请求不会从数据库查询中选择/加载用户。 Any ideas what could be going wrong? 任何想法可能出什么问题吗? Ability.rb permissions allow this request, but the user is not being filled out correctly when calling asynchronously. Ability.rb权限允许此请求,但是在异步调用时未正确填写用户。
This request was previously working using jQuery but I've re-written it using fetch . 这个请求以前是使用jQuery的,但是我已经使用fetch重写了。
Here is the controller 这是控制器
class EventsController < ApplicationController
before_action :set_event, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource
def index
@events = Event.all
end
...
def search
local_events = Event.includes(:address).references(:address)
.where("latitude >= ? AND latitude <= ? AND longitude >= ? AND longitude <= ?",
params[:sw_lat], params[:ne_lat], params[:sw_lng], params[:ne_lng]
)
.limit(50)
render json: local_events, only: [:id,:name,:description,:start], include: { address: { only: [:latitude,:longitude,:street_address] }}
end
end
And the ability.rb 和capability.rb
class Ability
include CanCan::Ability
def initialize(user)
can :read, :all
byebug
return if user == nil #user must be logged in after this point
#events
can [:search], Event
...
end
end
1 个解决方案
解决方案1
2 已采纳 2017-10-04 21:37:38
The asynchronous request does not query the user from DB because there is no user ID in the session. 异步请求不会从数据库查询用户,因为会话中没有用户ID。 There is no user ID in the session, because Fetch API 's fetch does not include cookies by default. 会话中没有用户ID,因为默认情况下Fetch API的fetch不包含cookie。
In order to send cookies with a Fetch Request set credentials option to "same-origin" or "include" : 为了发送带有“获取请求"same-origin" cookie,请将credentials设置为"same-origin"或"include" :
fetch(url, {
credentials: 'include' // or 'same-origin' (see the link below)
})
https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#Sending_a_request_with_credentials_included https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#Sending_a_request_with_credentials_included
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.