
How to handle permissions for projects, showing a non-authorized page to request access?

In my app I have projects which have permissions. If the user has a permission record for a project they can view the project. If not, CanCan redirects them to the root.

What I would like to do is if a user tries to view a project (/project/100) where they are not a member, show them a page that allows them to request to join.

In CanCan, I have the following:

if projectid_viewing && current_user.try(:role, projectid_viewing) == 'Member'
    can [:read, :members], Project
  ....

This CanCan ability works great for allowing members to view the project, but non-members are kicked to the root. What's a good way to handle this so if a non-member tries to view the project they are taken to a Request to Join page for that project?

Ideas? Thanks


Assuming you're using load_and_authorize_resource in your controller, CanCan will throw an exception when a user is not authorized; you can catch it and define the behavior.

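class ApplicationController < ActionController::Base
  # CanCan raises CanCan::AccessDenied when an authorization check fails
  rescue_from CanCan::AccessDenied do |exception|
    if current_user.try(:member?)
      redirect_to request_join_page
    else
      # Always send a response; root_url assumes the root route from the question
      redirect_to root_url
    end
  end
end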

You could also manually check permissions in the controller: instead of using load_and_authorize_resource, you could run can? in the controller and then perform the redirect if necessary.
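
The rescue-and-redirect flow from the answer above, as an added example that is not part of the original post. Plain Ruby stand-ins replace CanCan and Rails so it runs on its own (the real CanCan::AccessDenied also exposes action and subject), and the /project/:id/request_to_join route is hypothetical.

```ruby
# Stand-ins for CanCan and Rails so the flow runs without either (assumptions).
class AccessDenied < StandardError
  attr_reader :action, :subject

  def initialize(action, subject)
    @action = action
    @subject = subject
    super("not authorized to #{action}")
  end
end

Project = Struct.new(:id)
User = Struct.new(:name, :roles) do # roles: { project_id => role name }
  def role(project_id)
    roles[project_id]
  end
end

# Same rule as the question's ability: only an exact 'Member' role grants access.
def can?(user, action, project)
  %i[read members].include?(action) && !user.nil? && user.role(project.id) == 'Member'
end

def authorize!(user, action, project)
  raise AccessDenied.new(action, project) unless can?(user, action, project)
end

# Plays the part of the controller action plus the rescue_from handler.
# Returns [status, location] instead of rendering.
def show_project(user, project)
  authorize!(user, :read, project)
  [200, "/project/#{project.id}"]
rescue AccessDenied => e
  if user.nil?
    [302, '/'] # anonymous visitor: no account to request access with
  elsif e.subject.is_a?(Project)
    [302, "/project/#{e.subject.id}/request_to_join"] # hypothetical route
  else
    [302, '/'] # every denial still gets a response
  end
end

# Constructed sample data.
PROJECT = Project.new(100)
ALICE   = User.new('alice', { 100 => 'Member' })
BOB     = User.new('bob', {})
```

The handler takes the project from the exception's subject rather than from the request path, so the join page it redirects to always matches the resource that was actually denied.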
