How to handle permissions for projects, showing a non-authorized page to request access?
In my app I have projects which have permissions. If the user has a permission record for a project they can view the project. If not, CanCan redirects them to the root.
What I would like to do is if a user tries to view a project (/project/100) where they are not a member, show them a page that allows them to request to join.
In CanCan, I have the following:
  if projectid_viewing && current_user.try(:role, projectid_viewing) == 'Member'
    can [:read, :members], Project
  ....
This CanCan ability works great for allowing members to view the project, but non-members are kicked to the root. What's a good way to handle this so if a non-member tries to view the project they are taken to a Request to Join page for that project?
Ideas? Thanks
Assuming you're using load_and_authorize_resource in your controller, CanCan will throw an exception when a user is not authorized; you can catch it and define the behavior.
  class ApplicationController < ActionController::Base
    # Runs whenever CanCan raises AccessDenied in any controller
    rescue_from CanCan::AccessDenied do |exception|
      redirect_to request_join_page if current_user.member?
    end
  end
You could also manually check permissions in the controller. Instead of using load_and_authorize_resource, you could run can? in the controller and then perform the redirect if necessary.
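As an added illustration (not part of the original question or answer), the sketch below models the decision a rescue_from handler can make from the denied action and subject, which CanCan::AccessDenied exposes as `exception.action` and `exception.subject`. The stub classes, the `/login` and `join_request` paths, and the helper names are assumptions made so the example runs without Rails.

```ruby
# Stand-alone sketch, no Rails or CanCan required. AccessDenied mirrors the
# action/subject readers of CanCan::AccessDenied; all other names are hypothetical.
Project = Struct.new(:id)
User = Struct.new(:id, :roles) do # roles: { project_id => role name }
  def role(project_id)
    roles[project_id]
  end
end

class AccessDenied < StandardError
  attr_reader :action, :subject

  def initialize(action, subject)
    @action = action
    @subject = subject
    super("not authorized to #{action}")
  end
end

# Per-record check: the role is looked up for the project being requested.
def authorize!(user, action, project)
  allowed = user && user.role(project.id) == 'Member' &&
            %i[read members].include?(action)
  raise AccessDenied.new(action, project) unless allowed
  project
end

# The decision a rescue_from handler makes: where the denied request goes.
def denied_redirect(user, exception)
  return '/login' if user.nil? # anonymous: sign in first
  if exception.subject.is_a?(Project) && exception.action == :read
    "/project/#{exception.subject.id}/join_request" # signed in, not a member
  else
    '/' # every other denial keeps the default redirect to root
  end
end

def visit(user, action, project)
  authorize!(user, action, project)
  "/project/#{project.id}"
rescue AccessDenied => e
  denied_redirect(user, e)
end

# Constructed sample data.
PROJECT = Project.new(100)
MEMBER = User.new(1, { 100 => 'Member' })
OUTSIDER = User.new(2, {})
puts visit(OUTSIDER, :read, PROJECT)
```

Sending non-members to a join page confirms that the project id exists, so where project existence is itself sensitive the handler should answer missing and forbidden projects identically.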