
How to set up cancan?

Stack Overflow user
Asked on 2011-12-16 22:22:32
Answers 1 Views 719 Follows 0 Votes 1

I have installed devise.

I did,

rails g cancan:ability

This is the Ability class I got in app/models

class Ability
  include CanCan::Ability

  def initialize(user)
    # Define abilities for the passed in user here. For example:
    #
    #   user ||= User.new # guest user (not logged in)
    #   if user.admin?
    #     can :manage, :all
    #   else
    #     can :read, :all
    #   end
    #
    # The first argument to `can` is the action you are giving the user permission to do.
    # If you pass :manage it will apply to every action. Other common actions here are
    # :read, :create, :update and :destroy.
    #
    # The second argument is the resource the user can perform the action on. If you pass
    # :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
    #
    # The third argument is an optional hash of conditions to further filter the objects.
    # For example, here the user can only update published articles.
    #
    #   can :update, Article, :published => true
    #
    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
  end
end

posts table

                                   Table "public.posts"
   Column    |          Type          |                     Modifiers                      
-------------+------------------------+----------------------------------------------------
 id          | integer                | not null default nextval('posts_id_seq'::regclass)
 title       | character varying(100) | not null
 content     | character varying(500) | not null
 created_at  | date                   | 
 updated_at  | date                   | 
 tags        | character varying(55)  | not null default '50'::character varying
 category_id | integer                | not null default 1
 user_id     | integer                | 
Indexes:
    "posts_pkey" PRIMARY KEY, btree (id)

users table

                                           Table "public.users"
         Column         |            Type             |                     Modifiers                      
------------------------+-----------------------------+----------------------------------------------------
 id                     | integer                     | not null default nextval('users_id_seq'::regclass)
 email                  | character varying(255)      | not null default ''::character varying
 encrypted_password     | character varying(128)      | not null default ''::character varying
 reset_password_token   | character varying(255)      | 
 reset_password_sent_at | timestamp without time zone | 
 remember_created_at    | timestamp without time zone | 
 sign_in_count          | integer                     | default 0
 current_sign_in_at     | timestamp without time zone | 
 last_sign_in_at        | timestamp without time zone | 
 current_sign_in_ip     | character varying(255)      | 
 last_sign_in_ip        | character varying(255)      | 
 confirmation_token     | character varying(255)      | 
 confirmed_at           | timestamp without time zone | 
 confirmation_sent_at   | timestamp without time zone | 
 username               | character varying(255)      | not null
 is_admin               | boolean                     | default false
 created_at             | timestamp without time zone | 
 updated_at             | timestamp without time zone | 
Indexes:
    "users_pkey" PRIMARY KEY, btree (id)
    "index_users_on_confirmation_token" UNIQUE, btree (confirmation_token)
    "index_users_on_email" UNIQUE, btree (email)
    "index_users_on_reset_password_token" UNIQUE, btree (reset_password_token)
    "index_users_on_username" UNIQUE, btree (username)

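Now, how do I set up cancan to allow/deny certain actions of PostController and CommentsController? If user.is_admin = true, the user can edit and delete posts and comments. Otherwise a normal user can only add posts after registering. Any guest user can comment on any post.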

In PostsController, I have

before_filter :authenticate_user! , :except => [:index, :show, :bla1, :bla2, :bla3, :bla4, :bla5, :bla6, :bla7, :bla8, :bla9]

I have to write a line like this in every controller, which is tedious. Is there any shortcut to reduce this line in each controller?


1 Answer

Stack Overflow user

Accepted answer

Posted on 2012-01-13 00:16:13

You should set up your ability.rb like this.

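class Ability
   include CanCan::Ability

   def initialize(user)
     # guest user (not logged in): current_user is nil, so fall back to a blank User
     user ||= User.new

     # rules for admin
     if user.is_admin?
       # if admin can do anything
       can :manage, :all
       # if admin can only edit and destroy posts and comments
       # (:update also covers :edit through CanCan's default aliases;
       #  these four rules are redundant while :manage, :all is kept)
       can :update, Post
       can :destroy, Post
       can :update, Comment
       can :destroy, Comment
     end

     # rules for registered user (a guest is an unsaved User record)
     can :create, Post unless user.new_record?
   end
end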

In your controller

class PostsController < ApplicationController
   authorize_resource :except => :show
end

class CommentsController < ApplicationController
   authorize_resource :only => [:edit,:update,:destroy]
end 

Hope this helps. :)

Votes 2
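
The permission matrix the question asks for (guest, registered user, admin), checked in plain Ruby. This is an added example, not part of the answer and not CanCan's own code: `MiniAbility`, `User`, `Post`, `Comment` and `allowed` are hypothetical stand-ins that mirror CanCan's `:manage`/`:all` matching and its default action aliases, and the public-read and guest-comment rules are written as abilities here rather than skipped in the controller.

```ruby
# Added example: a plain-Ruby stand-in for CanCan's rule matching, NOT the gem.
# MiniAbility, User, Post, Comment and allowed are hypothetical names.
User = Struct.new(:id, :is_admin)   # id == nil means guest (not signed in)
class Post; end
class Comment; end

class MiniAbility
  # CanCan's default aliases: a rule on the key also covers the listed actions.
  ALIASES = { read: [:index, :show], create: [:new], update: [:edit] }.freeze

  def initialize
    @rules = []
  end

  def can(actions, subjects)
    Array(actions).product(Array(subjects)) { |pair| @rules << pair }
  end

  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, rule_subject|
      action_ok = rule_action == :manage || rule_action == action ||
                  ALIASES.fetch(rule_action, []).include?(action)
      action_ok && (rule_subject == :all || klass <= rule_subject)
    end
  end
end

# The question's requirements written as rules (least privilege, no :manage).
class Ability < MiniAbility
  def initialize(user)
    super()
    user ||= User.new(nil, false)                 # guest fallback
    can [:update, :destroy], [Post, Comment] if user.is_admin
    can :create, Post unless user.id.nil?         # registered users only
    can :read, Post                               # index/show are public
    can :create, Comment                          # guests may comment
  end
end

ACTIONS = [:index, :show, :new, :create, :edit, :update, :destroy].freeze

# Controller actions on `subject` that `user` is allowed to perform.
def allowed(user, subject)
  ability = Ability.new(user)
  ACTIONS.select { |action| ability.can?(action, subject) }
end
```

A rule on `:edit` alone does not cover `:update`, because the alias runs from `:update` to `:edit` and not the other way round.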
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/8535498
