问题描述
我有一个 Post 模型,该模型具有:已发布的
属性( boolean )和 User 模型,该模型具有 role
属性( string )。有三个角色: ROLES =%w [管理发布者作者]
I have a Post model with a :published
attribute (boolean) and a User model with a role
attribute (string). There are three roles: ROLES = %w[admin publisher author]
我不希望用户扮演其角色是作者的人,可以设置,或编辑,即Post模型上的:已发布
字段。
I don't want users whose role is author to be capable of setting, or editing, the :published
field on the Post model.
我正在使用CanCan(和RailsAdmin gem),简化后的Ability.rb文件如下所示:
I'm using CanCan (and RailsAdmin gem) and my simplified Ability.rb file looks like this:
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
if user.role? :admin
can :manage, :all
elsif user.role? :publisher
can :manage, Post
elsif user.role? :author
# I want to prevent these guys from setting the :published attribute
end
end
end
有人知道做这种事情的任何提示吗?
Anyone got any tips for doing this sort of thing?
推荐答案
到目前为止,这是不可能的。但是根据此内容:在资源属性部分
Update: you can see this on CanCan 2.0 branch here: https://github.com/ryanb/cancan/tree/2.0 in section "Resource Attributes"
这篇关于CanCan:限制用户根据其角色设置某些模型属性的能力的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!