cancan

问题 I've written this spec in products_controller_spec.rb, that is intended to test a redirect when destroy is called on a non-existent record: it "deleting a non-existent product should redirect to the user's profile page with a flash error" do delete :destroy, {:id => 9999} response.should redirect_to "/profile" flash[:error].should == I18n.t(:slideshow_was_not_deleted) end Here's the controller action in products_controller.rb: def destroy product = Product.find_by_id(params[:id]) redirect_to

问题 I have setup Devise with STI roles and also CanCan (and rails admin). I am trying to make CanCan work why my STI roles here is my ability.rb files def initialize(user) can :read, :all if user and user.is_admin? can :access, :rails_admin can :manage, :all end I added this to my user.rb model def is_admin? true if self.type == Admin end That code is inside the class User < ActiveRecord::Base When I test I get this error undefined method `is_admin?' for true:TrueClass What am I missing here?

问题 I've recently added roles to my rails application with CanCanCan (by enumeration)- but now I want to add a default role on signup. How do I go about doing this? Does it go in the controller or model? My User model: class User < ActiveRecord::Base #Defining different roles enum role: [:Admin, :User, :Guest] #Users can only create one scholarship application has_one :applications # Include default devise modules. Others available are: # :confirmable, :lockable, :timeoutable and :omniauthable

问题 I have a Rails 3.1 (RC5) app with Devise and CanCan. Both are configured well and working as expected except that when I run integration tests to ensure that AccessDenied is being redirected as desired, the redirect goes to Devise's sign in instead of the application root. I can verify in my test that the user is still logged in and can still access applicable parts of the app. The redirect is defined in this short controller, which the other restricted controllers inherit (instead of

问题 I was having this problem trying to render a partial via an asynchronous request from my users views. The problem was that CanCan was not authorizing the call, because it was inside a new action that I created on user_controller.rb . I am new to Rails and I thought that putting :edit on the ability class was enough. I caught this error because I removed the remote: true from my link, so it can render the view via a http request. Don't as me why I did that. Begginer's luck! My question is: how

问题 As much as I can understand, regardless of chosen session store, a Rails app sends one database query for Devise and one database query for Rolify. Here is my related code: <% if !user_signed_in? %> ..login buttons... <% else %> <% unless current_user.has_role? :pro %> <%= link_to "Upgrade!", '#' %> | <% end %> <%= link_to current_user.full_name, edit_user_registration_path %> |<%= link_to "Çıkış", destroy_user_session_path, method: :delete %> <% end %> Those codes causes these SQL queries as

问题 In a Rails 3.2 app I'm using Devise + CanCan. The app previously restricted access to only logged in users. I'm in the process of adding a Guest user/ability that will be able to read certain sections of the site. I'm having trouble understanding the "correct" way to set this up, specifically what combination of before_filter :authenticate! and load_and_authorize_resource is needed in controllers. While working on this I've stripped the ability class to a minimum. #Ability.rb class Ability

问题 I'm trying to make some changes to the show method in my events controller and noticed the changes making zero difference. I commented out the @event = Event.find_by_slug(params[:slug]) line and the show view still works and does not produce an error! I even deleted the entire show method and it still works. I thought for a moment I was working on a copy of the app, but it's definitely the correct one. I've never had this problem before, but did recently upgrade my Rails version from 3.2.0 to

问题 When a user in my app isn't an admin user i want to only let them see the fields that they have ownership of. Is there a so set can :see or something like that on a per field basis so that it displays just the fields that that use "can see", or should I have an ability called can :oversee to state that they can see everything instead. I suppose it's much easier to just check if the user is admin or not in rails admin, so where set rails admin to only pull the current user's records. 回答1: With

问题 I know about caching the whole current_ability . Something like def current_ability cached_ability = Rails.cache.read("#{current_user.cache_key}::ability") if cached_ability.present? ability = Marshal.load( cached_ability ) else ability = super Rails.cache.write("#{current_user.cache_key}::ability", Marshal.dump( ability )) end @current_ability = ability end But is there is a way to cache a single ability ? for example I do this : Rails.cache.fetch("#{user.cache_key}::comments::ability") do