个人中心
gpt4 book ai didi

ruby-on-rails - 管理员和用户的 Pundit- Index 方法

转载 作者:数据小太阳 更新时间:2023-10-29 06:59:21 26 4
gpt4 key购买 nike

所以,我正在尝试使用 gem 专家。我只是想弄清楚如何为用户和管理员提供索引 View 。我想为管理员呈现所有结果,只为用户呈现相关帖子。我已经在 github 上搜索和搜索,但我没有找到任何运气。我必须在我的策略和 Controller 中放入什么?

原始代码

class PostsPolicy
   attr_reader :current_user, :model

  def initialize(current_user, model)
    @current_user = current_user
    @post = model
  end

  def index?
    @current_user.admin?
  end
end

Controller 

class PostsController < ApplicationController
  before_filter :load_user
  before_filter :authenticate_user!
  after_action :verify_authorized

  def index
    @posts = Post.order('title').page(params[:page]).per(25)
    authorize User
  end

private

  def load_user
    @user = User.find_by_id(params[:user_id])
  end

end

第二次更新

class PostsPolicy
 class Scope
  attr_reader :user, :scope

  def initialize(user, scope)
     @user = user
     @scope = scope
  end

  def resolve
    if user.admin?
      scope.all
    else
      scope.where(user: user)
    end
   end

  end

end

Controller 

class PostsController < ApplicationController
  before_filter :load_user
  before_filter :authenticate_user!
  after_action :verify_authorized

 def index
   @posts = policy_scope(Post).order('title').page(params[:page]).per(25)
   authorize User
 end

private

 def load_user
   @user = User.find_by_id(params[:user_id])
 end
end

第三次更新

class PostPolicy

   class Scope
    attr_reader :user, :scope

      def initialize(user, scope)
         @user = user
         @scope = scope
      end

      def resolve
        if user.admin?
          scope.all
        else
          scope.where(user: user)
        end
      end
   end

  def index?
   user.admin? || user.posts.count > 0
  end
end

Controller 

class PostsController < ApplicationController
  before_filter :load_user
  before_filter :authenticate_user!
  after_action :verify_authorized

 def index
   @posts = policy_scope(Post).order('title').page(params[:page]).per(25)
   authorize User
 end

private

 def load_user
   @user = User.find_by_id(params[:user_id])
 end

end

** 使用工作代码的最终更新 **

class PostPolicy
attr_reader :user, :model

def initialize(user, model)
  @user = user
  @post = model
end

   class Scope
    attr_reader :user, :scope

      def initialize(user, scope)
         @user = user
         @scope = scope
      end

      def resolve
        if user.admin?
          scope.all
        else
          scope.where(user: user)
        end
      end
   end

  def index?
   user.admin? || user.posts.count
  end
end

Controller 

class PostsController < ApplicationController
  before_filter :load_user
  before_filter :authenticate_user!
  after_action :verify_authorized

 def index
   @posts = policy_scope(Post).order('title').page(params[:page]).per(25)
   authorize Post
 end

private

 def load_user
   @user = User.find_by_id(params[:user_id])
 end

end

最佳答案

你正在寻找的是一个范围:

class PostsPolicy
  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
       @user = user
       @scope = scope
    end

    def resolve
      if user.admin?
        scope.all
      else
        scope.where(user: user)
      end
    end
  end
end

然后在你的 Controller 中

def index
  @posts = policy_scope(Post).order('title').page(params[:page]).per(25)
  authorize User
end

编辑

作为旁注,authorize User 从长远来看可能不会很好地为您服务。您实质上是在创建一个需要为每个索引提供服务的索引策略。如果你想授权对索引页面的可见性,你仍然可以在你的策略中做这样的事情:

def index?
  user.admin? || user.posts.count > 0
end

假设建立了关系,那么您将在 policy_scope 之前在索引 Controller 中调用 authorize Post

关于ruby-on-rails - 管理员和用户的 Pundit- Index 方法,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27414643/

26 4 0
文章推荐: ruby-on-rails - 在 Ruby 的类级别添加 Enumerable mixin
文章推荐: android - 如何在 Flutter 中直接调用电话
文章推荐: ruby - 使用 pry-debugger 时如何在循环中使用原始 "break"
文章推荐: Flutter Hero动画不用主题色?
数据小太阳
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com