因此,我正在尝试使用gem pundit。我只是想弄清楚如何为用户和管理员提供索引视图。我想为管理员呈现所有结果,而仅为用户呈现相关帖子。我已经在github上进行了搜索和搜索,但是没有找到任何运气。我必须在策略和控制器中添加什么?
原始码
class PostsPolicy
attr_reader :current_user, :model
def initialize(current_user, model)
@current_user = current_user
@post = model
end
def index?
@current_user.admin?
end
end
控制器
class PostsController < ApplicationController
before_filter :load_user
before_filter :authenticate_user!
after_action :verify_authorized
def index
@posts = Post.order('title').page(params[:page]).per(25)
authorize User
end
private
def load_user
@user = User.find_by_id(params[:user_id])
end
end
第二次更新
class PostsPolicy
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else
scope.where(user: user)
end
end
end
end
控制器
class PostsController < ApplicationController
before_filter :load_user
before_filter :authenticate_user!
after_action :verify_authorized
def index
@posts = policy_scope(Post).order('title').page(params[:page]).per(25)
authorize User
end
private
def load_user
@user = User.find_by_id(params[:user_id])
end
end
第三次更新
class PostPolicy
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else
scope.where(user: user)
end
end
end
def index?
user.admin? || user.posts.count > 0
end
end
控制器
class PostsController < ApplicationController
before_filter :load_user
before_filter :authenticate_user!
after_action :verify_authorized
def index
@posts = policy_scope(Post).order('title').page(params[:page]).per(25)
authorize User
end
private
def load_user
@user = User.find_by_id(params[:user_id])
end
end
**使用工作代码的最终更新**
class PostPolicy
attr_reader :user, :model
def initialize(user, model)
@user = user
@post = model
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else
scope.where(user: user)
end
end
end
def index?
user.admin? || user.posts.count
end
end
控制器
class PostsController < ApplicationController
before_filter :load_user
before_filter :authenticate_user!
after_action :verify_authorized
def index
@posts = policy_scope(Post).order('title').page(params[:page]).per(25)
authorize Post
end
private
def load_user
@user = User.find_by_id(params[:user_id])
end
end
您正在寻找的是一个范围:
class PostsPolicy
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else
scope.where(user: user)
end
end
end
end
然后在您的控制器中
def index
@posts = policy_scope(Post).order('title').page(params[:page]).per(25)
authorize User
end
编辑
附带说明,authorize User
从长远来看,可能不会很好地为您服务。本质上,您正在创建需要服务于每个索引的索引策略。如果您想授权索引页的可见性,您仍然可以在策略中执行以下操作:
def index?
user.admin? || user.posts.count > 0
end
假设已建立关系,那么您将authorize Post
在policy_scope之前调用索引控制器。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句