1

这是代码。

class WebsitesController < ApplicationController
  load_and_authorize_resource

  ...
end

class ApplicationController < ActionController::Base
  ...

  check_authorization :unless => :do_not_check_authorization?

  private
    def do_not_check_authorization?
      respond_to?(:devise_controller?)
    end
end

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new
    if user.role? == "admin"
      can :manage, :all
    elsif user.role? == "developer"
      can :manage, :websites
      can :manage, :pages
      can :manage, :templates
    elsif user.role? == "editor"
      can :manage, :pages
    end
  end
end

从外观上看,具有管理员角色的用户应该能够对网站控制器执行任何操作,因为can :manage, :all.

但是当我点击网站/索引时,我得到

CanCan::AccessDenied in WebsitesController#index

You are not authorized to access this page.

为什么会这样?

4

1 回答 1

1

我太笨了

user.role?回来了true,但true == "admin"总是假的。

于 2013-03-28T00:50:50.993 回答