简体   繁体   English

CanCanCan 用户编辑自己的个人资料

[英]CanCanCan User edit his own profile

I got a really strange issue here.我在这里遇到了一个非常奇怪的问题。 Here is the line causing all the trouble in my ability.rb这是在我的ability.rb造成所有麻烦的ability.rb线ability.rb

    can [:edit, :update, :destroy], User, id: user.id

When I launch the rails console, I got the expected behaviour:当我启动 rails 控制台时,我得到了预期的行为:

u = User.last
a = Ability.new(u)
a.can?(:edit, u)
=> true
a.can?(:edit, User.first)
=> false

However when I launch a web browser, log me in as a user and try to edit another one, CanCanCan remains silent.但是,当我启动 Web 浏览器,以用户身份登录并尝试编辑另一个浏览器时,CanCanCan 保持沉默。 If I replace can by cannot , I can't edit any user.如果我更换cancannot ,我不能编辑任何用户。 It's as if it didn't lookup the condition.就好像它没有查找条件一样。

My UsersController got this line on top我的UsersController把这条线放在最上面

authorize_resource

I'm stuck with this, any help would be gladly appreciated.我坚持这一点,任何帮助将不胜感激。

cancancan 2.3.0坎坎坎 2.3.0
rails 5.2.1导轨 5.2.1

Make sure that your instance ( @user ) is loaded before authorize_resource action runs, otherwise it will check if user can access some Users ( can?(:edit, User) , which is always true), instead of exact user.确保在运行authorize_resource操作之前加载您的实例( @user ),否则它将检查用户是否可以访问某些用户can?(:edit, User) ,这始终为真),而不是确切的用户。

before_action :load_user, except:[:index, :new, :create]
authorize_resource

...

private def load_user
  @user = User.accessible_by(current_ability, action_name.to_sym).find(params[:id])
end

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM