在我的数据模型中:
Company has_many offices
Employee has_many offices, through: :employee_office(这就是我允许公司管理员允许员工进入某些办公室而不是其他办公室的方式)
Office has_many appointments和
Appointment belongs_to office
我想定义一种能力,使用CanCanCan它允许一个只有在该处的作品被制作的情况下才可以Employee对一个执行操作。AppointmentEmployeeOfficeAppointment
像这样的伪代码:
Employee can :manage Appointment, Employee.offices.include?(Appointment.office)
这是我到目前为止所拥有的:
class EmployeeAbility
include CanCan::Ability
def initialize(employee)
can :read, Company, :id => employee.company.id
can :read, Office, :id => employee.company.id
#I'd like to include the above psuedocode here, but I'm not sure how to structure it
end
end
谢谢!