0

我正在使用 CanCan 和 Devise 进行用户身份验证和权限。

用户可以为其帐户指定一个密钥持有者,他们将拥有不同的权限。密钥持有者有一个名为“access_id”的属性,与他们可以访问的帐户的 id 相同。我想要实现的是以下内容:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user

    if user.admin?
      can :manage, :all
    elsif user.keyholder?
      can :read, Folder do |folder|
        folder.try(:user) == user.access_id
      end 
    else
      can :create, :all
      can :manage, :all do |all|
        all.try(:user) == user
      end
    end



  end
end

但是使用此代码,密钥持有者无法访问他们被指定访问的帐户。如何纠正代码以实现这一点?谢谢!

4

1 回答 1

0

你可以试试

folder.user_id == user.access_id

假设密钥持有人已登录。

以便

user.keyholder? => true
user => keyholder
user.access_id => id of user who did nominate current_user
folder.user_id => id of folder owner

编辑

如果您还希望该密钥持有人也可以访问他/她的文件夹:

( folder.user_id == user.access_id ) || ( folder.user_id == user.id )

但是这个更好,把它放在你的 if / else 语句中,这样任何人(密钥持有者或普通用户)都可以访问他/她自己的文件夹。

def initialize(user)
user ||= User.new # guest user

# every one reads his own folder.. or you can copy this to wherever you want
can :read, Folder do |folder|
  folder.user_id == user.id
end 

if user.admin?
  can :manage, :all
elsif user.keyholder?
  can :read, Folder do |folder|
    # but keyholder accesses even more
    folder.user_id == user.access_id
  end 
else
  can :create, :all
  can :manage, :all do |all|
    all.try(:user) == user
  end
end
end

另外,您也可以定义 can :read for keyholder 多次。像:

elsif user.keyholder?
  can :read, Folder do |folder|
    folder.user_id == user.access_id
  end 
  can :read, Folder do |folder|
    folder.user_id == user.id
  end 
else
于 2013-02-28T18:39:43.667 回答