开发者

cancan rules creation problem

问答 作者:

i have rails app that contains following models - User, Blog, Post, BlogMembership.

class BlogMembership < ActiveRecord::Base
  belongs_to :user
  belongs_to :blog

  # Membership types:
  SUBSCRIBER = 0
  AUTHOR = 1
  MODERATOR = 2
end

class Blog < ActiveRecord::Base
  has_many :posts
  has_many :memberships, :class_name => "BlogMembership"

  # Blog memberships
  def subscribers
    self.memberships.where(:membership_type => [BlogMembership::SUBSCRIBER, BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
  end

  def authors
    self.memberships.where(:membership_type => [BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
  end

  def moderators
    self.memberships.where(:membership_type =>  BlogMembership::MODERATOR).collect(&:user)
  end
end

In Ability class (because i use cancan f开发者_如何学Cor access restriction) i try to limit access of users and moderators to the blogs, but with following rule

if user.is? :moderator
  can :manage, Post do |post|
    post.blog.moderators.include? user
  end
end

all users can send Posts to the any blog.

Could you tell me please - how to properly configure rule in Ability class for following relations scheme?

And if you try this syntax?

can :manage, Post do |action, post|
    post.blog.moderators.include? user
end

继续阅读:cancanrailscastsrubyruby-on-railssecurity

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9