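Rails CanCan: allow users to edit *only* their own data, but view everyone's

I have a Rails application that uses Devise and CanCan. I want users to be able to edit only their own data, but still be able to view everyone's information.

I have: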
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.role == "member"
      # their own only
      can :read, User
      can :manage, User, user_id: user.id
    elsif user.role == "guest"
      can :read, User
    end
  end
end

I also have:
class User < ActiveRecord::Base
  # attr_accessible :name, :email
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  ROLES = %w[member guest]

  def is?(requested_role)
    self.role == requested_role.to_s
  end
end

But I can still edit and delete other users' comments, when I shouldn't be able to. Why? What am I doing wrong?

Rails 4, Devise 2.5.2, CanCan 1.6

Thanks
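
The policy described in the question (everyone can read, a member can change only their own record), as an added example that is not part of the original post. It is a plain-Ruby stand-in for hash-condition rules, not CanCan's own code; MiniAbility, Account, AccessDenied and the sample ids are hypothetical, and it assumes the protected record is the account itself, so the condition compares the record's own id.

```ruby
# Added illustration: a plain-Ruby stand-in for hash-condition ability rules.
# MiniAbility, Account, AccessDenied and the ids are hypothetical, not CanCan code.
Account = Struct.new(:id, :role)
class AccessDenied < StandardError; end

class MiniAbility
  READ_ACTIONS = %i[index show].freeze

  def initialize(user)
    @rules = []
    user ||= Account.new(nil, "guest")  # guest user (not logged in)
    can :read, Account                  # everyone may view every account
    can :manage, Account, id: user.id if user.role == "member"
  end

  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  # True when some rule covers the action and every condition matches the record.
  def can?(action, record)
    @rules.any? do |rule_action, klass, conditions|
      next false unless record.is_a?(klass)
      next false unless covers?(rule_action, action)
      conditions.all? { |attr, value| record.public_send(attr) == value }
    end
  end

  # Enforcement point: defined rules have no effect unless a check like this runs.
  def authorize!(action, record)
    raise AccessDenied, "not allowed to #{action}" unless can?(action, record)
    record
  end

  private

  def covers?(rule_action, action)
    return true if rule_action == :manage || rule_action == action
    rule_action == :read && READ_ACTIONS.include?(action)
  end
end

alice = Account.new(1, "member")   # constructed sample users
bob   = Account.new(2, "member")
ability = MiniAbility.new(alice)
puts ability.can?(:show, bob)      # viewing another account
puts ability.can?(:update, alice)  # editing own account
puts ability.can?(:update, bob)    # editing someone else's account
```

Defining rules only describes the policy; each edit, update and destroy path still has to run the check against the loaded record before acting on it.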