CanCan +为设计用户模型设计

Question

Using devise , I have a User model. I do not have a user controller.

To use CanCan I need to do (below) at the top of my controllers

# Authorization w Devise & CanCan
before_filter :authenticate_user! # Devise, signed in users only
load_and_authorize_resource # CanCan

Where do I add this so I can have permissions for the User model given I have no user controller?

Thanks

Answer 1

You can add that code to any controller for which you need authentication, you don't need an UsersController

before_filter :authenticate_user!

this line require a valid user signed in with devise, so if you try to access a controller with this before_filter without being logged you'll be redirected by devise to the sign_in_path

load_and_authorize_resource # CanCan

this other line will fill an instance variable to a default value (if not already set) and then check your privileges using the Ability class, so assuming you have an ArticleController it will do the following behind the scenes (actual code is based on the current action)

# for the show action
@article = Article.find(params[:id])
raise CanCan::AccessDenied unless can(:read, @article)

The can(:read, @article) statement is the hearth of CanCan library, it will return a boolean value based on your ability class. Can read more on it here

If your whole application requires authentication you can simply add the before_filter :authenticate_user! line to the ApplicationController