2

一天以来,我一直在反对这一点。我正在尝试为属于具有许多设计的用户的名为 Design 的模型实施权威策略(使用 Devise 进行身份验证)。create 和 new 是否也应该在操作后进行授权?看来这应该可行。非常感谢帮助

我不断地遇到

ArgumentError(参数数量错误(0 为 2)):

创建新设计时(“调试器”所在的位置)。我认为它将有效的@design 传递给策略查找器。这可能是我在策略中设置范围的方式。

这是设计控制器:

class DesignsController < ApplicationController
  before_filter :authenticate_user!
  before_action :set_design, only: [:show, :edit, :update, :destroy]
  after_action :verify_authorized, except: [:index, :new]

  # GET /designs
  # GET /designs.json
  def index
    @designs = policy_scope(Design)

  end

  # GET /designs/1
  # GET /designs/1.json
  def show
  end

  # GET /designs/new
  def new
    @design = Design.new  

  end

  # GET /designs/1/edit
  def edit
  end

  # POST /designs
  # POST /designs.json
  def create
    @design = Design.new(design_params)
     @design.user_id = current_user.id

    respond_to do |format|
      if @design.save
        format.html { redirect_to @design, notice: 'Design was successfully created.' }
        format.json { render :show, status: :created, location: @design }
      else
        format.html { render :new }
        format.json { render json: @design.errors, status: :unprocessable_entity }
      end
    end
    debugger // This is where it throws the exception
    authorize @design
  end

  # PATCH/PUT /designs/1
  # PATCH/PUT /designs/1.json
  def update
    respond_to do |format|
      if @design.update(design_params)
        format.html { redirect_to @design, notice: 'Design was successfully updated.' }
        format.json { render :show, status: :ok, location: @design }
      else
        format.html { render :edit }
        format.json { render json: @design.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /designs/1
  # DELETE /designs/1.json
  def destroy
    @design.destroy
    respond_to do |format|
      format.html { redirect_to designs_url, notice: 'Design was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_design
      @design = Design.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def design_params
      params.require(:design).permit(:name, :description, :design_model, :certification_for_distribution, :manufacturing_test)
    end
end

这是设计策略类

class DesignPolicy 

  class Scope<DesignPolicy
    attr_reader :user, :scope

    def initialize(user,scope)
      @user = user
      @scope = scope
    end

    def resolve
      if user.admin?

        @scope.all
      else

        @scope.all.where(user_id: user.id)
      end
    end
  end

  def index?
    debugger
    true
  end

  def new?
    debugger
    @current_user != nil
  end

  def create?
    @current_user != nil
    new?
  end



end
4

1 回答 1

1
  1. 范围不应继承自 DesignPolicy https://github.com/elabs/pundit#scopes
  2. 您还需要设置 DesignPolicy 以具有初始化方法https://github.com/elabs/pundit#policies

如果您让它们从 ApplicationPolicy 继承,那么您不需要在每个策略中设置初始化方法。权威文档非常好,我几乎每天都参考它。只要你了解 Ruby 中的类和继承,你应该没有问题。

于 2014-10-24T17:50:57.510 回答