[英]How to get a permission from a relationship using CanCanCan?
In my app I have a model called User that has_one Talent. 在我的应用程序中,我有一个名为User的has_one Talent模型。
In CanCanCan I have this ability: 我可以在CanCan中具备此功能:
class Ability
include CanCan::Ability
def initialize(user)
if user.nil?
can :read, User
can :read, Talent, is_public?: true
else
can :read, Talent, is_public?: true
end
My page is being rendered by the ProfilesController#show. 我的页面正在由ProfilesController#show呈现。 Like this:
像这样:
class ProfilesController < ApplicationController
before_action :check_ability, except: [:show]
def show
@user = User.find(params[:id])
authorize! :read, @user
authorize! :read, @user.talent
if current_user
sent_connections = current_user.sent_connections
connections = sent_connections + current_user.all_connections
@is_connected = !(connections.select { |c| c.user.id == @user.id }.empty?)
end
@top_5_photos = @user.top_5_photos
end
Well. 好。 Im trying to render a profile that the method: is_public returns false.
我试图渲染一个配置文件,方法:is_public返回false。 But the page is being rendered correctly, while I expected was that the user cant see the page because of the rule:
但是页面显示正确,而我期望的是由于以下原因用户无法看到页面:
can :read, Talent, is_public?: true
What Im missing here? 我在这里缺少什么?
If I remember it correctly, 如果我没记错的话
can :read, Talent, is_public?: true
^ is_public?
^
is_public?
above is expected to be an attribute by Cancancan. 以上内容是Cancancan的属性 。
But because is_public?
但是因为
is_public?
is a custom method, then can you try the following instead? 是自定义方法,那么您可以尝试以下方法吗?
can :read, Talent do |talent|
talent.is_public?
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.