company.rb :
class Company < ActiveRecord::Base
has_many :companies_admins, dependent: :destroy
has_many :supervisors, through: :companies_admins
end
companies_admin.rb :
class CompaniesAdmin < ActiveRecord::Base
belongs_to :company
belongs_to :supervisor, foreign_key: "admin_id"
end
supervisor.rb :
class Supervisor < Admin
has_many :companies_admins, foreign_key: "admin_id"
has_many :companies, through: :companies_admins, foreign_key: "admin_id"
end
나는 cancancan gem을 사용합니다. 내 ability.rb :
class Ability
include CanCan::Ability
def initialize(user)
user ||= Admin.new # guest user (not logged in)
if user.type == "Administrator"
can :manage, :all
elsif user.type == "Supervisor"
can :manage, Company, companies_admins: {supervisor: { :id => user.id } }
end
end
end
companies_controller.rb :
class CompaniesController < ApplicationController
load_and_authorize_resource only: [:new, :create, :edit, :update, :index, :show, :destroy]
load_and_authorize_resource :supervisor
load_and_authorize_resource through: :supervisor
...
end
관리 할 수 있고 관계가있는 회사 만 감독해야합니다. 예 : 감독자
회사 id = 10 페이지를 열면 액세스가 거부됩니다.
Started GET "/companies/10" for 127.0.0.1 at 2016-06-05 14:23:01 +0300
Processing by CompaniesController#show as HTML
Parameters: {"id"=>"10"}
Company Load (0.4ms) SELECT "companies".* FROM "companies" WHERE "companies"."id" = $1 LIMIT 1 [["id", 10]]
Admin Load (0.3ms) SELECT "admins".* FROM "admins" WHERE "admins"."id" = $1 LIMIT 1 [["id", 4]]
CompaniesAdmin Load (0.4ms) SELECT "companies_admins".* FROM "companies_admins" WHERE "companies_admins"."company_id" = $1 [["company_id", 10]]
Supervisor Load (0.4ms) SELECT "admins".* FROM "admins" WHERE "admins"."type" IN ('Supervisor') AND "admins"."id" = $1 LIMIT 1 [["id", 2]]
Supervisor Load (0.4ms) SELECT "admins".* FROM "admins" WHERE "admins"."type" IN ('Supervisor') AND "admins"."id" = $1 LIMIT 1 [["id", 4]]
Redirected to http://localhost:3000/
Completed 302 Found in 20ms (ActiveRecord: 1.9ms)
그 이유는 무엇입니까? 표현 "포함"을 식별하는 방법?
편집 : 매우 이상합니다. 관리자라도 : all Company를 교체 할 때 액세스가 거부되었습니다. 왜?
def initialize(user)
user ||= Admin.new # guest user (not logged in)
puts user.type
if user.type == "Administrator"
can :manage, Company
elsif user.type == "Supervisor"
can :show, :all
end
end
Started GET "/companies/10" for 127.0.0.1 at 2016-06-05 22:55:49 +0300
Processing by CompaniesController#show as HTML
Parameters: {"id"=>"10"}
Admin Load (0.3ms) SELECT "admins".* FROM "admins" WHERE "admins"."id" = $1 LIMIT 1 [["id", 1]]
Administrator
Redirected to http://localhost:3000/
Completed 302 Found in 42ms (ActiveRecord: 2.5ms)
레일 콘솔에서 :
irb(main):005:0> mi = Admin.find(1)
Admin Load (0.7ms) SELECT "admins".* FROM "admins" WHERE "admins"."id" = $1 LIMIT 1 [["id", 1]]
=> #<Administrator id: 1, type: "Administrator", login: "mars", crypted_password: "8d6ff3f5b32b22726a45b1f8fa69519debf9ec8157d78f8e41...", password_salt: "2oMqwXKIukbKpdEXip", persistence_token: "37127e1f262d4efb44bc458df76e110a6ee78969c94c84a43c...", created_at: "2016-06-04 21:11:18", updated_at: "2016-06-05 09:06:15">
irb(main):006:0> comp = Company.find(10)
Company Load (0.9ms) SELECT "companies".* FROM "companies" WHERE "companies"."id" = $1 LIMIT 1 [["id", 10]]
=> #<Company id: 10, parent_id: nil, address_id: 6, name: "test_address"...>
irb(main):007:0> ability = Ability.new(mi)
Administrator
=> #<Ability:0x007f09513a0938 @rules=[#<CanCan::Rule:0x007f09513a0898 @match_all=false, @base_behavior=true, @actions=[:manage], @subjects=[Company(id: integer, parent_id: integer, address_id: integer, name: string, info: string, created_at: datetime, updated_at: datetime, site_link: string, vk_link: string, raiting: float, city_id: integer, paid: integer)], @conditions={}, @block=nil>], @rules_index={Company(id: integer, parent_id: integer, address_id: integer, name: string, info: string, created_at: datetime, updated_at: datetime, site_link: string, vk_link: string, raiting: float, city_id: integer, paid: integer)=>[0]}>
irb(main):008:0> ability.can?(:manage, comp)
=> true
내가 뭘 잘못 했어?
흠, 작동합니다.
class Ability
include CanCan::Ability
def initialize(user)
user ||= Admin.new # guest user (not logged in)
if user.type == "Administrator"
can :manage, Company
elsif user.type == "Supervisor"
can :manage, Company do |comp|
comp.supervisor_ids.include?(user.id)
end
end
end
end
companies_controller.rb :
class CompaniesController < ApplicationController
load_and_authorize_resource only: [:new, :create, :edit, :update, :index, :show, :destroy]
....
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다