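Devise + CanCan strange behavior on delete
I have implemented authentication with Devise and manage role permissions with CanCan. My application manages recipes, and when I destroy a recipe, my session gets closed and I am redirected to the sign_in view...
If I don't check authentication and permissions (see the recipes_controller above), it works fine.
It's strange, and I don't know why this is happening. Please help.
Thanks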
LOG:
Started POST "/recipes/21" for 127.0.0.1 at Thu Dec 08 19:53:30 +0100 2011
Processing by RecipesController#destroy as HTML
Parameters: {"id"=>"21"}
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = 5 LIMIT 1
Completed 401 Unauthorized in 44ms
Started GET "https://stackoverflow.com/users/sign_in" for 127.0.0.1 at Thu Dec 08 19:53:30 +0100 2011
Processing by Devise::SessionsController#new as HTML
Rendered devise/shared/_links.erb (2.5ms)
Rendered devise/sessions/new.html.erb within layouts/application (14.2ms)
Completed 200 OK in 52ms (Views: 20.8ms | ActiveRecord: 0.0ms)
RECIPES_CONTROLLER:
class RecipesController < ApplicationController
  # Devise: require a signed-in user for every action
  before_filter :authenticate_user!
  # CanCan: load @recipe and check it against Ability
  load_and_authorize_resource

  def destroy
    @recipe = Recipe.find(params[:id])
    @recipe.destroy
    redirect_to recipes_url, :notice => "Successfully destroyed Recipe."
  end
end
ABILITY:
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user
    if user.role? :super_admin
      can :manage, :all
    elsif user.role? :super_read_admin
      can :read, :all
    else
      # manage recipes he owns
      can :manage, Recipe do |recipe|
        recipe.owner == user
      end
    end
  end
end
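The user is SuperAdmin, and he owns the recipe... – Daniel
See the update to the answer: writing code in comments is not very readable... let me know the output. –
Not sure if you were expecting my answer here... The second command doesn't work for me, but if I put "puts user.role? :super_admin" it says true. The last command is True. If the user does not have permission to destroy the recipe, the application does not close the Devise session – Daniel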