CanCanCan version 3.4.0
Similar issue on github
I have a project with a lot of permissions, for example based on user roles: If a user is staff, he can :edit but not :update, just defined by something like can [:update], project if user.staff?.
So far, so good.
Now I want to restrict all users to read-only when the project is locked. My idea was to do something like
cannot %i[update update_extra_costs], Project, locked?: true
at the end of the Ability Model.
The problem is that, in terms of docs, :update and :edit are coupled for simplicity. If I now do the cannot :update, it also restricts the :edit!
But most users should be able to see the form (read-only!) and not be able to do an :update.
As a workaround I tried something like:
if can? :edit, Project #=> only if a can? is defined above
  cannot [:update], Project, locked?: true
  can [:edit], Project
end
The can after the cannot did the trick that edit was allowed but the update not! But this was not the solution because it would allow all users to see the edit view! So I tried to wrap this in the if, but it didn't work, because can? doesn't work inside the Ability Model.
Questions
How to do things like this properly?
Is there a way to unlink :edit and :update so that a cannot :update would not affect the :edit?
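The coupling described in the question, as an added example that is not part of the original post and not CanCanCan's own code: a simplified model of alias expansion and "last matching rule wins", run once with the default aliases and once with :edit no longer aliased under :update. MiniAbility, the editor? flag and both alias tables are constructed for illustration; in CanCanCan itself the second table corresponds to calling clear_aliased_actions in the Ability class and re-declaring the aliases to keep with alias_action.

```ruby
# Simplified model of rule evaluation with action aliases (constructed, not the gem's code).
Project = Struct.new(:locked) { def locked?; locked; end }
User    = Struct.new(:editor) { def editor?; editor; end } # hypothetical role flag

DEFAULT_ALIASES  = { read: %i[index show], create: %i[new], update: %i[edit] }.freeze
UNLINKED_ALIASES = { read: %i[index show], create: %i[new] }.freeze # :edit not under :update

class MiniAbility
  def initialize(aliases)
    @aliases = aliases
    @rules = []
  end

  def can(actions, klass, conditions = {})
    add_rule(true, actions, klass, conditions)
  end

  def cannot(actions, klass, conditions = {})
    add_rule(false, actions, klass, conditions)
  end

  # Later rules override earlier ones: the last matching rule decides; no match means deny.
  def can?(action, subject)
    rule = @rules.reverse.find do |r|
      r[:actions].include?(action) && subject.is_a?(r[:klass]) &&
        r[:conditions].all? { |attr, value| subject.public_send(attr) == value }
    end
    rule ? rule[:allow] : false
  end

  private

  # An action named in a rule also covers the actions aliased to it.
  def add_rule(allow, actions, klass, conditions)
    expanded = Array(actions).flat_map { |a| [a, *@aliases.fetch(a, [])] }
    @rules << { allow: allow, actions: expanded, klass: klass, conditions: conditions }
  end
end

# Same rules every time; only the alias table differs.
def build_ability(user, aliases)
  ability = MiniAbility.new(aliases)
  ability.can(%i[edit update], Project) if user.editor?
  ability.cannot(%i[update update_extra_costs], Project, locked?: true)
  ability
end
```

With the alias removed, :edit has to be granted explicitly to the roles that should see the form, so a user without that grant is still denied the edit view on a locked project.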
More answers
I would look into Pundit instead - you're reaching the level of complexity where CanCanCan is just going to be a royal pain in the backside.
I am trying to understand why a user would need the ability to "edit" in a non-functional manner? What good is a form that can't be submitted?
@engineersmnky good question, we discussed it on GitHub. See my last comment there. In short: In one project there are read-only views built with a form, by disabled:true and :update action forbidden.
I am more inclined to agree with this comment: using a form is a bastardization of the edit and should be converted to a show or other display view.
@engineersmnky Yes, for new apps, what you are saying is the way to go.