
ruby-on-rails - Rails 3 ActiveAdmin CanCan. How do I set it up so that users only see records that belong to them?

Reposted. Author: 数据小太阳. Updated: 2023-10-29 07:07:35

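I have set up admin_users that belong to a Customer class (a customer is a company). So Customer has many admin_users.

I am trying to restrict access to Shipment records that belong to a particular customer. I don't want customers to see other customers' data. So I set this up, but it doesn't seem to do anything...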

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= AdminUser.new
    if user.role == "administrator"
      can :manage, :all
    else
      cannot :create, :all
      cannot :update, :all
      cannot :destroy, :all
      can :read, Shipment do |shipment|
        shipment.customer == user.customer
      end
    end
  end
end

I do have this in shipments.rb ...

ActiveAdmin.register Shipment do
  menu :if => proc{ can?(:read, Shipment) }, :priority => 1
  controller.authorize_resource

  index do
    column "File #", :sortable => :file_number do |shipment|
      link_to shipment.file_number, admin_shipment_path(shipment)
    end
    [... more columns ...]
    default_actions if can? :manage, Shipment
  end

  show :title => :file_number do
    panel "Shipment Details" do
      attributes_table_for shipment do
        row("File number") {shipment.file_number}
        row("Mode") {shipment.mode}
        row("Ocean Rate") { number_to_currency shipment.ocean_rate}
        row("Customer") { link_to shipment.customer.company_name, admin_customer_path(shipment.customer)}
        row("Shipper") { link_to shipment.shipper.company_name, admin_shipper_path(shipment.shipper)}
        row("Broker") { link_to shipment.broker.company_name, admin_broker_path(shipment.broker)}
      end
    end

    [...more show action stuff...]

So on the index page all shipments are displayed, and if I log in as Customer A and click on Customer B's shipment, I can see it, but it should block me.

More info...

shipments_controller.rb
class ShipmentsController < InheritedResources::Base
  before_filter :authenticate_admin_user!
end

Best answer

Active Admin has a built-in way to handle scoping. See here: http://activeadmin.info/docs/2-resource-customization.html#scoping_the_queries
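
An added example, not part of the original question or answer and not ActiveAdmin or CanCan code: a plain-Ruby model of the situation in the question, showing a per-record block rule that passes when only the class is checked, next to queries scoped through the signed-in user's customer as the answer suggests. All names (`can_read?`, `shipments_for`, the sample customers and shipments) are constructed for illustration.

```ruby
# Plain-Ruby stand-ins (constructed; not ActiveAdmin, CanCan or ActiveRecord).
Customer = Struct.new(:name)
User     = Struct.new(:role, :customer)
Shipment = Struct.new(:id, :file_number, :customer)

ACME   = Customer.new("Acme")
GLOBEX = Customer.new("Globex")
SHIPMENTS = [
  Shipment.new(1, "A-100", ACME),
  Shipment.new(2, "A-101", ACME),
  Shipment.new(3, "G-200", GLOBEX),
].freeze

class RecordNotFound < StandardError; end

# Model of a block rule: the block can only run against an instance, so a
# check made against the class itself passes without looking at any record.
def can_read?(user, subject)
  return true if user.role == "administrator"
  return true if subject.is_a?(Class)   # class-level check: block skipped
  subject.customer == user.customer     # instance-level check: block runs
end

# Unscoped controller: authorizes the class, then loads from every shipment.
def unscoped_index(user)
  can_read?(user, Shipment) ? SHIPMENTS.map(&:file_number) : []
end

def unscoped_show(user, id)
  raise RecordNotFound unless can_read?(user, Shipment)
  SHIPMENTS.find { |s| s.id == id } or raise RecordNotFound
end

# Scoped controller: every query starts from the user's own customer, so
# another customer's record can be neither listed nor fetched by id.
def shipments_for(user)
  return SHIPMENTS if user.role == "administrator"
  SHIPMENTS.select { |s| s.customer == user.customer }
end

def scoped_index(user)
  shipments_for(user).map(&:file_number)
end

def scoped_show(user, id)
  shipments_for(user).find { |s| s.id == id } or raise RecordNotFound
end
```

With scoping in place, a request for another customer's shipment id behaves like a request for a record that does not exist, which also avoids confirming that the id is valid.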

Regarding "ruby-on-rails - Rails 3 ActiveAdmin CanCan. How do I set it up so that users only see records that belong to them?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/8935322/
