對角色和多個設計模型使用CanCanCan嗎?
[英]Using CanCanCan for Roles and Multiple Devise Models?
問題描述
我需要使用CanCanCan來限制所有用戶只能查看自己的數據或允許他人查看有限數據的能力。
我已經嘗試了以下方法,但是不起作用:
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
affiliate ||= Affiliate.new # guest user (not logged in)
# guest ||= U
#Admin
if user.admin?
can :manage, :all
elsif user.seller?
can :manage, Listing, user_id: user.id
can :read, Listing
can :manage, Order, buyer_id: user.id
can :manage, Order, seller_id: user.id
can :manage, StripeAccount, user_id: user.id
can :manage, BankAccount, user_id: user.id
can :manage, User, user_id: user.id
elsif affiliate
can :manage, User, affiliate_id: affiliate.id
can :read, Order
can :manage, StripeAccount, affiliate_id: affiliate.id
can :manage, Affiliate, affiliate_id: affiliate.id
#Buyer
elsif user.buyer?
can :read, Listing
can [:create, :read, :edit, :purchases, :update], Order, buyer_id: user.id
#Guest
else
can :read, Listing
can [:create, :order_confirmation], Order
# can :create, User
end
end
end
當我以會員身份登錄時,它不會讓我查看與affiliate.id相關聯的StripeAccount,並且該鏈接位於模型中。
我有兩個模型,User和Affiliate。
用戶的角色為枚舉1,2,3。 (管理員為3)會員的角色為枚舉1,2
我需要為每個設計模型和每個設計模型中的每個角色設置限制。
1 個解決方案
解決方案1
0 2019-03-08 01:51:14
這似乎已經解決了,仍在測試:
private
def current_ability
@current_ability ||= Ability.new(current_user, current_affiliate)
end
然后用:
def initialize(user, affiliate)
具有CanCanCan的多個Devise用戶或一個用戶和權限?
[英]Multiple Devise users or one user and permissions with CanCanCan?
Rails,通過模型角色管理儀表板頁面的訪問。 使用設計
[英]Rails, managing access of dashboard pages by models roles. Using devise
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.