本文介绍了CanCan:限制用户根据其角色设置某些模型属性的能力的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个 Post 模型,该模型具有:已发布的属性( boolean )和 User 模型,该模型具有 role 属性( string )。有三个角色: ROLES =%w [管理发布者作者]

I have a Post model with a :published attribute (boolean) and a User model with a role attribute (string). There are three roles: ROLES = %w[admin publisher author]

我不希望用户扮演其角色是作者的人,可以设置,或编辑,即Post模型上的:已发布字段。

I don't want users whose role is author to be capable of setting, or editing, the :published field on the Post model.

我正在使用CanCan(和RailsAdmin gem),简化后的Ability.rb文件如下所示:

I'm using CanCan (and RailsAdmin gem) and my simplified Ability.rb file looks like this:

class Ability
  include CanCan::Ability
  def initialize(user)
    user ||= User.new

    if user.role? :admin
      can :manage, :all
    elsif user.role? :publisher
      can :manage, Post
    elsif user.role? :author
      # I want to prevent these guys from setting the :published attribute
    end

  end
end

有人知道做这种事情的任何提示吗?

Anyone got any tips for doing this sort of thing?

推荐答案

到目前为止,这是不可能的。但是根据此内容:在资源属性部分

Update: you can see this on CanCan 2.0 branch here: https://github.com/ryanb/cancan/tree/2.0 in section "Resource Attributes"

这篇关于CanCan:限制用户根据其角色设置某些模型属性的能力的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-22 16:37