1

我有包含以下模型的 Rails 应用程序 - 用户、博客、帖子、博客成员。

class BlogMembership < ActiveRecord::Base
  belongs_to :user
  belongs_to :blog

  # Membership types:
  SUBSCRIBER = 0
  AUTHOR = 1
  MODERATOR = 2
end

class Blog < ActiveRecord::Base
  has_many :posts
  has_many :memberships, :class_name => "BlogMembership"

  # Blog memberships
  def subscribers
    self.memberships.where(:membership_type => [BlogMembership::SUBSCRIBER, BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
  end

  def authors
    self.memberships.where(:membership_type => [BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
  end

  def moderators
    self.memberships.where(:membership_type =>  BlogMembership::MODERATOR).collect(&:user)
  end
end

在能力类中(因为我使用 cancan 进行访问限制)我尝试限制用户和版主对博客的访问,但遵循以下规则

if user.is? :moderator
  can :manage, Post do |post|
    post.blog.moderators.include? user
  end
end

所有用户都可以将帖子发送到任何博客。

你能告诉我吗 - 如何正确配置能力类中的规则以遵循关系方案?

4

1 回答 1

0

如果你尝试这种语法?

can :manage, Post do |action, post|
    post.blog.moderators.include? user
end
于 2010-11-30T01:27:13.730 回答