CanCanCan for custom controllers with no models

I know how to restrict access for RESTful applications with CanCan in Rails 5.

Some of my actions and controllers are not RESTful.

For example, I have a report_controller with a user_report method. There is no model directly linked to this controller/action.

class ReportController < ApplicationController
  load_and_authorize_resource

  def user_report
  end
end

How can I define an ability in my ability.rb file to restrict access to this action?

In ability.rb define a custom ability like this:

can :view_reports, MyClass

In your user_report action, manually authorize against that ability:

def user_report
  authorize! :view_reports, MyClass
  # ...
end

Also, remove load_and_authorize_resource from ReportController since you are invoking authorize! directly.
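
The pattern from the answer above, as an added example that is not part of the original post: it runs in plain Ruby without Rails and shows that the report is refused unless a rule grants :view_reports. MiniAbility, AccessDenied, User, the :admin role and the :report subject (standing in for MyClass) are assumptions made for this sketch; in a Rails app the ability class includes CanCan::Ability and the controller calls CanCanCan's own authorize!.

```ruby
# Constructed stand-in that mirrors only the can / can? / authorize! calls
# of CanCan::Ability used in the answer above; it is not the gem's code.
class AccessDenied < StandardError; end

module MiniAbility
  def can(action, subject)
    (@rules ||= []) << [action, subject]
  end

  def can?(action, subject)
    (@rules || []).include?([action, subject])
  end

  def authorize!(action, subject)
    raise AccessDenied, "not allowed to #{action} #{subject}" unless can?(action, subject)
    subject
  end
end

User = Struct.new(:name, :role) # constructed sample user, hypothetical roles

class Ability
  include MiniAbility

  def initialize(user)
    # Deny by default: guests (nil) and non-admin users get no rule at all.
    can :view_reports, :report if user && user.role == :admin
  end
end

class ReportController
  def initialize(current_user)
    @current_user = current_user
  end

  def current_ability
    @current_ability ||= Ability.new(@current_user)
  end

  def user_report
    # First statement of the action, so nothing is loaded or rendered before the check.
    current_ability.authorize! :view_reports, :report
    "report for #{@current_user.name}"
  end
end
```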
