cancan

why is my CanCan Ability class overly permissive?

时光毁灭记忆、已成空白 Submitted on 2019-12-11 03:57:31
Question: I'm (finally) wiring CanCan / Ability into my app, and I've started by writing the RSpec tests. But they're failing — my Abilities appear to be overly permissive, and I don't understand why. First, the Ability class. The intention is that non-admin users can manage only themselves. In particular, they cannot look at other users: class Ability include CanCan::Ability def initialize(user) user ||= User.new # create guest user if needed if (user.has_role?(:admin)) can(:manage, :all) else can(

How to show AccessDenied errors on the active page with CanCan in Rails3

别说谁变了你拦得住时间么 Submitted on 2019-12-11 03:22:38
Question: I am trying to find a way to display my flash errors on the active page without the redirect_to method. By the way, the standard flash[:alert] = exception.message didn't show me any error messages, so I changed it to flash[:error]. Thanks for any advice! rescue_from CanCan::AccessDenied do |exception| flash[:error] = exception.message redirect_to deadlines_path end Answer 1: Try: rescue_from CanCan::AccessDenied do |exception| flash.now[:alert] = exception.message render 'something_else' return

cancan with one role per user - any way to set up abilities without repeating so much text?

孤街浪徒 Submitted on 2019-12-11 02:45:30
Question: My ability model looks something like this: class Ability include CanCan::Ability def initialize(user) if user.role == "moderator" can :manage, [Forum, Post] elsif user.role == "admin" can :manage, [Enrollment, SiteCare, Forum, Post] elsif user.role == "superadmin" can :manage, [Permission, Enrollment, SiteCare, Forum, Post] end end end In reality some of the roles have a dozen items they manage. To simplify things, how can I construct some Ruby that would keep me from having to duplicate so

Devise & CanCan — Issues with CanCan 2.0 API

浪尽此生 Submitted on 2019-12-11 01:58:21
Question: I'd like to have additional attributes for my User model and don't want to create a separate Profile model. I'm trying to update custom fields with the standard «update» from the RESTful set of actions: class UsersController < ApplicationController before_filter :authenticate_user! # ... def update @user = User.find(params[:id]) authorize! :update, @user respond_to do |format| if @user.update_attributes(params[:user]) format.html { redirect_to @user, notice: 'User was successfully updated.' } format

Authorizing non-logged-in user behavior in rails with cancan and devise

非 Y 不嫁゛ Submitted on 2019-12-10 23:33:33
Question: Post: hidden: boolean I want the logged-in user to be able to see all the posts, and the non-logged-in user to only have access to posts whose hidden field is false. So I write like this in cancan's Ability model: if user_signed_in? can :read, Post else can :read, Post, :hidden => false end but accessing the helper user_signed_in is not allowed in a model. As stated in this question: Rails 3 devise, current_user is not accessible in a Model ?. While we could use some tricks to access the helper, its

Custom error handling and cancan

喜夏-厌秋 Submitted on 2019-12-10 21:55:18
Question: I am trying to implement custom error handling as well as use CanCan. When a user reaches an area they aren't allowed to go to, a CanCan::AccessDenied error is thrown and they should be sent to the root URL. Instead, 'rescue_from Exception' captures the CanCan::AccessDenied and the user gets a 500 error. What am I doing wrong? #application_controller.rb rescue_from CanCan::AccessDenied do |exception| redirect_to main_app.root_url, :alert => exception.message end rescue_from Exception, :with =

How do I setup my CanCanCan permissions correctly?

隐身守侯 Submitted on 2019-12-10 15:04:48
Question: I am a little confused about how to configure CanCanCan properly. For starters, do I have to add load_and_authorize_resource to every controller resource I want to restrict access to? This is what I would like to do: Admin can manage and access all controllers and actions. Editor can read all, manage :newsroom, and can manage all Posts. Member can read every Post and can create & update Posts (not edit/delete/anything else), cannot access the newsroom. The difference between an update & edit

RoutingError resulting from 'redirect_to root_url' not passing action

半世苍凉 Submitted on 2019-12-10 13:54:41
Question: With a standard install of Rails_Admin using Devise for authentication and CanCan for authorization, accessing http://localhost:3000/admin as a non-admin user produces the following server log: Started GET "/admin" for 127.0.0.1 at 2011-08-09 22:46:10 -0400 Processing by RailsAdmin::MainController#index as HTML User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1 Completed 404 Not Found in 151ms ActionController::RoutingError (No route matches {:controller=>"gyms"}):

Role based authorization with cancan doesn't work Rails 4 - Ruby 2.1

一世执手 Submitted on 2019-12-10 09:57:36
Question: I use cancan (1.6.10) and devise (3.2.2). I have been implementing authorization using this guide as recommended by cancan's author. I need to assign multiple roles to a user, so I decided to store them in a single integer column using a bitmask (I added a column named "roles_mask" to the user model). I have these files involved: user.rb edit.html.erb I'm aware that I followed this guide word by word, except for the lines that I wrote to indicate that roles is an accessible attribute: class

CanCan gem for MVC .NET

那年仲夏 Submitted on 2019-12-10 03:05:22
Question: I am looking for a NuGet package that provides similar functionality to the CanCan gem in Rails ( https://github.com/ryanb/cancan ). Does anyone know a plugin that provides similar functionality? Or a simple way to implement this? Thanks Answer 1: I ended up looking at http://www.develop.com/wifclaimsbasedauthorizationone it does very much as CanCan does. For example ClaimsPrincipalPermission.CheckAccess("Customer","Add"); Would check whether the user had permission to add customers. We are