1

我有以下型号:

class User
  has_many :videos
  has_many :videos_shared_by, class_name: "SharedVideo", foreign_key: "shared_by_id"
  has_many :videos_shared_to, class_name: "SharedVideo", foreign_key: "shared_to_id"

  has_many :followee_relationships, class_name: "Relationship", foreign_key: "follower_id"
  has_many :follower_relationships, class_name: "Relationship", foreign_key: "followee_id"

  has_many :following, through: :followee_relationships, source: :followee
  has_many :followers, through: :follower_relationships, source: :follower

  has_many :blocked_followee_relationships, -> { blocked }, class_name: "Relationship", foreign_key: "follower_id"
  has_many :blocked_follower_relationships, -> { blocked }, class_name: "Relationship", foreign_key: "followee_id"

  has_many :blocking, through: :blocked_followee_relationships, source: :followee
  has_many :blockers, through: :blocked_follower_relationships, source: :follower
end

class Video
  belongs_to :user

  has_many :shares, class_name: "SharedVideo"
  has_many :shared_to, through: :shares, source: :shared_to
  has_many :shared_by, through: :shares, source: :shared_by

  has_many :reviews

  has_many :blocking, through: :user
  has_many :blockers, through: :user

  def private?
   !public?
  end
end

class Review
  belongs_to :video
  belongs_to :linked_reivew, class_name: "Review"
end

class SharedVideo
  belongs_to :video
  belongs_to :shared_by, class_name: "User"
  belongs_to :shared_to, class_name: "User"
end

linked_review我认为除了Review 模型中的关联之外,一切都是不言自明的。任何两个评论都可以相互链接,基本上创建了我所说的双重评论。

在我的 CanCan 能力课程中,我从以下规则开始:

class Ability
  include CanCan::Ability

  def initialize(user)

    user ||= User.new # guest user (not logged in)

    can :read, Video, public: true
    can :read, Video, shared_to: { id: user.id }

    # can :read, Video, if indirectly accessible through linked review (see comments below)

    cannot :read, Video, blocking: { id: user.id }
    cannot :read, Video, blockers: { id: user.id }

    can [:read, :update, :destroy], Video, user_id: user.id

  end
end

这些按预期工作,但我似乎无法弄清楚如何授予用户通过链接评论间接访问的视频的读取权限。

换句话说,如果用户-a 请求访问视频#2(私有,不共享并且由用户-b 拥有)并且视频#2 与视频#1 相关联(用户-a 可以访问,因为它是公开的,与他共享或由他所有)通过链接评论,然后我希望请求用户被授予读取权限。

关于如何做到这一点的任何想法?块不起作用,因为 CanCan 忽略索引操作的块,即当它调用Video.accessible_by(current_ability). 我试图找出视频模型的某种范围,但似乎无法理解我将如何做到这一点。

4

0 回答 0