1
我在Rails 4和CanCan中遇到了一些麻煩。 我做了所有像這裏描述的https://github.com/ryanb/cancan和實際上它的工作原理,但我有以下問題:Rails CANCAN - 第一次點擊無法訪問
有時,當我點擊navi中的鏈接,例如, 「僱員」來打開員工/顯示頁面慘慘觸發警報:
「?......員工/警報=你+ +是不是+授權+到+接入+這個+頁面」
我將重定向到主頁面。
當我再次點擊相同的鏈接時,頁面將打開。沒有現在訪問的問題......
我不知道這個問題的原因是什麼... :(
我希望有人能幫助
一些代碼:
ability.rb
def initialize(user)
if user.admin?
can :manage, :all
elsif user.secretary?
can :manage, :all
cannot [:destroy],[Employee, Setting, Section, Role, Position]
elsif user.leader?
can :manage, :all
cannot [:manage],[Setting, Section, Role, Position]
cannot [:destroy],[Project, Customer, Distributor]
cannot [:destroy, :edit],[Employee]
elsif user.employee?
can :manage, :all
cannot [:manage],[Setting, Section, Role, Position, Employee, Customer, Distributor]
cannot [:destroy, :edit],[Project]
else
#can :read, :all
end
end
employees_con troller.rb
class EmployeesController < ApplicationController
before_action :set_employee, only: [:show, :edit, :update, :destroy]
#before_action :set_tmpPswVar, only: [:show]
#CanCan
load_and_authorize_resource
...
application_controller.rb
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
include SessionsHelper
before_action :require_login
protect_from_forgery with: :exception
#load_and_authorize_resource
#CanCan
skip_authorization_check
#for CanCan version necessary because is not optimized for rails 4
#without that eacht create method will generate an ForbiddenAttributeError!
before_filter do
resource = controller_name.singularize.to_sym
method = "#{resource}_params"
params[resource] &&= send(method) if respond_to?(method, true)
end
#CANCAN
rescue_from CanCan::AccessDenied do |exception|
redirect_to :controller=>"workdays", :action => "index", :alert => exception.message
end
...
問候 Kumaro
MH哦好吧,我知道,康康舞是不是Rails的4優化,但我不知道,有一個CanCanCan解決方案。我會嘗試!謝謝! – Kumaro
我測試過了...現在我在登錄後立即獲得警報,但之後沒有問題。這是好的,比以前更好,但仍然奇怪... – Kumaro
現在我仍然有同樣的問題:(...對不起 – Kumaro