与CanCan,Devise和Rolify建立关联的授权
[英]Authorization on an association with CanCan,Devise and Rolify
问题描述
I have the current database estructure in my application: 
我的应用程序中具有当前的数据库结构:
Publisher has_many videos, has_many users
Video belongs_to publisher
User belongs_to publisher
I want to be able to give permissions to the users based on the publisher, but the object that actually gets edited it's the video object. 我希望能够根据发布者向用户授予权限,但是实际上被编辑的对象是视频对象。
Meaning that an User X can edit videos from publisher 1 and 2 but User Y can only edit videos from publisher 2 and 3 and so on. 这意味着用户X可以编辑来自发布者1和2的视频,而用户Y只能编辑来自发布者2和3的视频,依此类推。 I'm pretty sure this can be done with the CanCan, Devise, Rolify combo. 我很确定可以使用CanCan,Devise,Rolify组合来完成此操作。
Can anyone point me in the right direction here? 有人可以在这里指出正确的方向吗?
1 个解决方案
解决方案1
1 已采纳 2012-08-13 15:56:31
sorry for the delayed response. 回复较晚,抱歉。 Hopefully you've figured out your problem by now, but I will provide a solution for you. 希望您现在已经解决了您的问题,但是我会为您提供解决方案。
In your CanCan ability you have something like this: 在您的CanCan能力中,您具有以下内容:
def initialize(current_user)
current_user ||= User.new
can :update, Video do |video|
current_user.publisher_list.contains? video.publisher
end
end
The above code will work if user.publisher_list returns a list of publishers a user can modify. 如果user.publisher_list返回用户可以修改的发布者列表,则上面的代码将起作用。 I believe you can also do: 我相信您也可以:
def initialize(current_user)
current_user ||= User.new
can :update, Video, publisher: {id: current_user.publisher_list}
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.