我有用戶慘慘 - 當用戶限制到特定的網站
class User < ActiveRecord::Base
devise :database_authenticatable,
:recoverable, :rememberable, :trackable, :validatable
attr_accessible :email, :password, :password_confirmation,
:remember_me, :site_id, :role_name
belongs_to :site
end
網站
class Site < ActiveRecord::Base
has_many :users
has_one :front_page_campaign
end
和front_page_campaigns
class FrontPageCampaign < ActiveRecord::Base
belongs_to :site
end
我使用康康舞限制訪問,因此用戶只能管理front_page_campaigns爲自己的網站:
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
case user.role_name
when "super_admin"
# can do everything
can :manage, :all
when "editor"
# can edit content for their site
can [:create, :read, :update], FrontPageCampaign, site_id: user.site_id
end
end
end
這對於角色名稱super_admin
和editor
上的用戶在front_page_campaigns
上的顯示和編輯完美適用。但是,當一個editor
嘗試創建一個新的front_page_campaign,我得到一個康康舞禁止通知
You are not authorized to access this page.
標準形式提供的所有站點的下拉框,我想我需要限制這僅僅是用戶自己的網站。我會如何去做這件事?
感謝您的深入解答 - 非常有用。我認爲':create'被別名爲包含':new',但是它恰恰相反! – Edward