Rails CANCAN - 第一次點擊時無法訪問
[英]Rails CANCAN - No Access on first click
問題描述
我在使用Rails 4和CanCan時遇到了一些麻煩。 我做了所有喜歡這里描述的https://github.com/ryanb/cancan ,實際上它有效,但我有以下問題:
有時,當我點擊導航中的鏈接例如“員工”打開員工/顯示頁面時,CanCan會發出警報:
“......員工/?警報=你+ +是不是+授權+到+接入+這個+頁面”
然后我將重定向到主頁面。
當我再次點擊同一鏈接時,頁面將會打開。 現在沒有訪問問題......
我不知道這個問題的原因是什么...... :(
我希望有人可以提供幫助。
一些代碼:
ability.rb
def initialize(user)
if user.admin?
can :manage, :all
elsif user.secretary?
can :manage, :all
cannot [:destroy],[Employee, Setting, Section, Role, Position]
elsif user.leader?
can :manage, :all
cannot [:manage],[Setting, Section, Role, Position]
cannot [:destroy],[Project, Customer, Distributor]
cannot [:destroy, :edit],[Employee]
elsif user.employee?
can :manage, :all
cannot [:manage],[Setting, Section, Role, Position, Employee, Customer, Distributor]
cannot [:destroy, :edit],[Project]
else
#can :read, :all
end
end
employees_controller.rb
class EmployeesController < ApplicationController
before_action :set_employee, only: [:show, :edit, :update, :destroy]
#before_action :set_tmpPswVar, only: [:show]
#CanCan
load_and_authorize_resource
...
application_controller.rb
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
include SessionsHelper
before_action :require_login
protect_from_forgery with: :exception
#load_and_authorize_resource
#CanCan
skip_authorization_check
#for CanCan version necessary because is not optimized for rails 4
#without that eacht create method will generate an ForbiddenAttributeError!
before_filter do
resource = controller_name.singularize.to_sym
method = "#{resource}_params"
params[resource] &&= send(method) if respond_to?(method, true)
end
#CANCAN
rescue_from CanCan::AccessDenied do |exception|
redirect_to :controller=>"workdays", :action => "index", :alert => exception.message
end
...
最好的問候Kumaro
1 個解決方案
解決方案1
3 已采納 2015-10-12 17:06:49
不幸的是,CanCan不支持Rails 4+。 您應該使用CanCanCan:
Rails 3.2 - 在CanCan中訪問自定義操作的拒絕例外 - 但僅限於生產中
[英]Rails 3.2 - Access denied exception for custom action in CanCan - but only in production
如何在Rails中限制不同用戶角色對模型的訪問(can can gem)?
[英]How to restrict the access to models for different user roles in rails (cancan gem)?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.