[英]How do you authorize access to a page dealed by a controller without corresponding model with Cancancan?
沒有相應 model 的 Spree 管理員 controller,其訪問試用重定向到其他頁面。
對應的嘗試代碼:
module Spree
module Admin
class TutorialsController < Spree::Admin::BaseController
authorize_resource :class => false
def index
end
end
end
end
在app/models/spree/ability_decorator.rb中添加了以下內容:
can :manage, :'tutorial'
can :manage, :'admin/tutorial'
can :manage, :'admin_tutorial'
can :manage, :'spree/admin/tutorial'
can :manage, :'spree_admin_tutorial'
但是這些授權都不能解決問題。 當然,在這個地方添加can:manage, :all將使頁面可以根據需要訪問,所以這絕對是接近所需但不那么寬松的解決方案。 即使在 controller 中使用skip_authorization_check也無法解決問題,請求將被重定向到具有這些相應初始日志的admin/products :
Started GET "/admin/tutorials" for 127.0.0.1 at 2020-04-30 17:11:28 +0200
Processing by Spree::Admin::TutorialsController#index as HTML
Spree::Preference Load (2.9ms) SELECT "spree_preferences".* FROM "spree_preferences" WHERE "spree_preferences"."key" = $1 LIMIT $2 [["key", "spree/backend_configuration/locale"], ["LIMI
T", 1]]
↳ /home/psychoslave/.rvm/gems/ruby-2.5.1@project/bundler/gems/spree_i18n-a03ecad00a1e/lib/spree_i18n/controller_locale_helper.rb:21
Spree::User Load (3.2ms) SELECT "spree_users".* FROM "spree_users" WHERE "spree_users"."deleted_at" IS NULL AND "spree_users"."id" = $1 ORDER BY "spree_users"."id" ASC LIMIT $2 [["id",
194], ["LIMIT", 1]]
↳ /home/psychoslave/.rvm/gems/ruby-2.5.1@project/gems/activerecord-5.2.2/lib/active_record/log_subscriber.rb:98
Spree::Role Load (3.4ms) SELECT "spree_roles".* FROM "spree_roles" INNER JOIN "spree_role_users" ON "spree_roles"."id" = "spree_role_users"."role_id" WHERE "spree_role_users"."user_id" =
$1 [["user_id", 194]]
↳ /home/psychoslave/.rvm/gems/ruby-2.5.1@project/gems/activerecord-5.2.2/lib/active_record/log_subscriber.rb:98
Spree::Producer Load (2.6ms) SELECT "spree_producers".* FROM "spree_producers" WHERE "spree_producers"."id" = $1 LIMIT $2 [["id", 16], ["LIMIT", 1]]
↳ app/models/spree/ability_decorator.rb:123
Redirected to http://localhost:5000/forbidden
Completed 302 Found in 80ms (ActiveRecord: 41.4ms)
在進行了幾次其他重定向之后,請求會導致前面所述的路徑。
skip_authorization_check 在這種情況下,畢竟不需要特殊能力。 Spree::BaseController設置正確的權限以授予目標訪問權限,這與Spree::Admin::BaseController 。 為了保持 CSS 風格一致,需要明確的layout聲明。
module Spree
module Admin
class TutorialsController < Spree::BaseController
layout 'spree/layouts/admin'
def index; end
end
end
end
使用cancancan時添加沒有相應模型的Controller
[英]Adding a Controller without corresponding model while using cancancan
使用 CanCanCan,我如何在 controller 中授權 either/or?
[英]Using CanCanCan, how do I authorize either/or in a controller?
如何在布局/應用程序中(在軌道中)使用gem cancancan? 它沒有控制器來添加authorize_resource嗎?
[英]how to use gem cancancan in layouts/application (in rails) ? it doesn't has controller to add authorize_resource?
ActiveAdmin + CanCanCan錯誤:受保護的方法`authorize!'調用<Every ActiveAdmin Controller>
[英]ActiveAdmin + CanCanCan errors with : protected method `authorize!' called for <Every ActiveAdmin Controller>
CanCanCan gem:load_and_authorize_resource和控制器的索引動作
[英]CanCanCan gem: load_and_authorize_resource and a controller's index action
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.