alias_action :index,show,:to => :read
但是,请考虑使用嵌套资源的以下场景:
resources :posts resources :comments end
如果我定义这样的能力:
# ability.rb can :read,Post can :show,Comment # comments_controller.rb load_and_authorize_resource :organization,:find_by => :permalink load_and_authorize_resource :membership,:through => :organization
事情按预期工作.但是,如果我将:read操作更改为[:index,:show]:
# ability.rb can [:index,:show],:through => :organization
我未经授权访问/ posts /:post_id / comments,/ posts /:post_id / comments /:id等.但是我仍然可以访问:index和:show for posts_controller.
如果这些动作的行为有所差异,那么这些动作可能是“别名”
在我的迷茫中,我也遇到了以下.将load_and_authorize_resource更改为以下允许的访问权限:
# ability.rb can [:index,Comment # comments_controller.rb load__resource :organization,:through => :organization
有人可以解释这里发生了什么吗?
解决方法
Both the
:index
and:show
actions
point to the:read
action. But when
CanCan authorizes a parent resource it
uses the:read
action directly which
is why you’re seeing this behavior.I think this has caused confusion
before,so I will change the internal
behavior to never use the:read
action directly. Instead of a
:parent
resource I’ll change it to
use:show
and for the
accessible_by
default I will use
:index
instead of:read
. Thanks
for bringing this to my attention.
原文地址:https://www.jb51.cc/ruby/267089.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。