Rails CanCanCan ability issue with model-less controller
I have a simple controller method, WelcomeController#dashboard, that is intended to be the landing page AFTER a user logs in (the user has the role of 'manager' for this test).
I'm starting out simple, so there isn't much to this controller yet. controllers/welcome_controller.rb:
class WelcomeController < ApplicationController
  skip_authorize_resource only: :index
  authorize_resource class: false, only: [:dashboard]
  skip_before_action :authenticate_user!, only: [:index]
  layout 'external', only: [:index]
  def index; end
  def dashboard; end
end
So, I've got CanCanCan installed and in my models/ability.rb file:
class Ability
  include CanCan::Ability
  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.admin?
      can :manage, :all
      can :access, :rails_admin
    elsif user.manager?
      can :read, Lesson
      can :access, :dashboard
      can :modify, Company
    elsif user.user?
      can :read, Lesson
    else
      can :read, :root
    end
  end
end
However, my RSpec test is failing and I cannot figure out why. The code in spec/controllers/welcome_controller_spec.rb is:
require 'rails_helper'
require 'cancan/matchers'
RSpec.describe WelcomeController, type: :controller do
  describe 'GET #index' do
    it 'returns http success' do
      get :index
      expect(response).to have_http_status(:success)
    end
  end
  describe 'GET #dashboard' do
    it 'manager routes to dashboard after login' do
      company = Company.create!(name: 'ACME', domain: 'acme.com')
      user = User.create!(email: 'test@test.com', password: 'password', password_confirmation: 'password', company_id: company.id, role: 1)
      sign_in user
      get :dashboard
      expect(response).to have_http_status(:success)
    end
    it 'user does not route to dashboard after login' do
      user = create(:user)
      sign_in user
      expect { get :dashboard }.to raise_error(CanCan::AccessDenied)
    end
  end
end
Which results in this error:
Failures:
1) WelcomeController GET #dashboard manager routes to dashboard after login
Failure/Error: get :dashboard
CanCan::AccessDenied:
You are not authorized to access this page.
# ./spec/controllers/welcome_controller_spec.rb:17:in `block (3 levels) in <top (required)>'
I find it interesting that only the "manager routes to dashboard after login" test is what is failing, since the 3rd test for the user passes without an issue even though I'm using the same :dashboard call.
I'd be grateful for any help/suggestions.
Thanks!
My understanding is that there is no action with the alias_action name :access, referring to this link (please correct me if that's not correct), but you can create a custom action with alias_action.
your ability.rb:
class Ability
  include CanCan::Ability
  def initialize(user)
    # here you create alias_action
    alias_action :create, :read, :update, :destroy, to: :access
    user ||= User.new # guest user (not logged in)
    if user.admin?
      can :manage, :all
      can :access, :rails_admin
    elsif user.manager?
      can :read, Lesson
      can :access, :dashboard
      can :modify, Company
    elsif user.user?
      can :read, Lesson
    else
      can :read, :root
    end
  end
end
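Added example, not part of the original question or answer and not CanCanCan's own code: a simplified stand-alone Ruby model of rule matching, run against the check that CanCanCan's documentation describes for `authorize_resource class: false` (`authorize!` with the action name and a symbol of the controller name). `ModelAbility`, `check_for` and `manager_ability` are hypothetical names, and the extra rule `can :dashboard, :welcome` is an assumption used for comparison.

```ruby
# Simplified stand-alone model of rule matching; not CanCanCan's own code.
# Assumption (from CanCanCan's docs for class-less controllers):
# `authorize_resource class: false` runs authorize!(action, :controller_name).
class ModelAbility
  def initialize
    @aliases = { read: %i[index show], create: %i[new], update: %i[edit] } # CanCanCan's default aliases
    @rules = []
  end

  def alias_action(*actions, to:)
    (@aliases[to] ||= []).concat(actions)
  end

  def can(action, subject)
    @rules << [action, subject]
  end

  # An action plus everything it aliases, followed recursively.
  def expand(action, seen = [])
    return [] if seen.include?(action)
    [action] + (@aliases[action] || []).flat_map { |a| expand(a, seen + [action]) }
  end

  def can?(action, subject)
    @rules.any? do |rule_action, rule_subject|
      (rule_action == :manage || expand(rule_action).include?(action)) &&
        (rule_subject == :all || rule_subject == subject)
    end
  end
end

# Hypothetical helper: the [action, subject] pair checked for a class-less
# controller action (single-word controller names only).
def check_for(controller_name, action)
  [action.to_sym, controller_name.sub(/Controller\z/, '').downcase.to_sym]
end

# Manager rules from the question, optionally with the :access alias or one more rule.
def manager_ability(access_alias: false, extra_rule: nil)
  ability = ModelAbility.new
  ability.alias_action(:create, :read, :update, :destroy, to: :access) if access_alias
  ability.can(:access, :dashboard)
  ability.can(*extra_rule) if extra_rule
  ability
end

CHECK = check_for('WelcomeController', 'dashboard')
puts "can :access, :dashboard  -> #{manager_ability.can?(*CHECK)}"
puts "can :dashboard, :welcome -> #{manager_ability(extra_rule: %i[dashboard welcome]).can?(*CHECK)}"
```

In this model the plain-user denial test passes for the same reason the manager test fails: none of the non-admin rules matches `[:dashboard, :welcome]`, so a passing deny test alone says nothing about whether the allow rule is wired correctly.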