gpt4 book ai didi

ruby-on-rails - CanCan 错误地拒绝管理员访问

转载 作者:行者123 更新时间:2023-12-02 00:15:35 27 4
gpt4 key购买 nike

我正在使用其他人的代码,而且我对 Rails 相当缺乏经验,而且我在使用 CanCan & Devise 时遇到了问题。

当尝试登录时(使用我知道的凭据,因为它们以前有效并且我已经检查了数据库并成功使用了重置功能)我收到一个错误屏幕说明。

CanCan::AccessDenied in AdminController#index

You are not authorized to access this page.

app/controllers/admin_controller.rb:4:in `index'
config/initializers/quiet_assets.rb:6:in `call_with_quiet_assets'

在终端

Started POST "/users/sign_in" for 127.0.0.1 at 2012-11-14 13:13:01 +0000
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"T8CJkCIEA3r7ROiknVp/vbEgeKCBZEjl3uYd+46G7no=", "user"=>{"email"=>"pass@user.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
WARNING: Can't verify CSRF token authenticity
User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = 'pass@user.com' LIMIT 1
(0.2ms) BEGIN
(0.3ms) UPDATE `users` SET `last_sign_in_at` = '2012-11-14 11:10:56', `current_sign_in_at` = '2012-11-14 13:13:01', `sign_in_count` = 219, `updated_at` = '2012-11-14 13:13:01' WHERE `users`.`id` = 1
(0.1ms) COMMIT
Redirected to http://core.lvh.me:3000/admin
Completed 302 Found in 355ms


Started GET "/admin" for 127.0.0.1 at 2012-11-14 13:13:02 +0000
Processing by AdminController#index as HTML
Completed 500 Internal Server Error in 265ms

CanCan::AccessDenied (You are not authorized to access this page.):
app/controllers/admin_controller.rb:4:in `index'
config/initializers/quiet_assets.rb:6:in `call_with_quiet_assets'

admin_controller.rb

class AdminController < ApplicationController

def index
authorize! :index, :admin (#line 4)
end

能力.rb

class Ability
include CanCan::Ability

def initialize(user)
user ||= User.new # guest user (not logged in)

case user.role_name

when "super_admin"
# can do everything
can :manage, :all

when "franchise_admin"
can [:read, :search, :all, :up_down_index], Article
can [:old_feed, :sites, :new_feed], MobileFeed
can [:new, :read, :update], SiteSpecificArticle, site_id: user.site_id
can [:index, :new_site_essentials], :admin


when "franchise_editor"
can [:new, :read, :update], SiteSpecificArticle { |ssa| ssa.site.customer.sites.include?(user.site) }
can [:old_feed, :sites, :new_feed], MobileFeed
can [:read, :search, :all, :up_down_index], Article

when "site_admin"
# can CRUD users for their site
can :manage, User, site_id: user.site_id
# can edit content for their site
can [:read, :update], ArticleSitePermission, site_id: user.site_id
can [:read, :update], CoreArticleSiteVisibility, site_id: user.site_id
can [:new, :read, :update], SiteSpecificArticle, site_id: user.site_id
can [:new, :read, :update], FrontPageCampaign, site_id: user.site_id
can [:new, :read, :update], FrontPageTimeBasedArticle, site_id: user.site_id
can [:new, :read, :update], FrontpageArticle, site_id: user.site_id
can [:index, :new_site_essentials], :admin
can [:read, :search, :all, :up_down_index, :hidden_in_this_site], Article
can [:old_feed, :sites, :new_feed], MobileFeed
can [:index, :create], TrackMood
can :site_styles, Site

when "editor"
# can edit content for their site
can [:read, :update], ArticleSitePermission, site_id: user.site_id
can [:read, :update], CoreArticleSiteVisibility, site_id: user.site_id
can [:new, :read, :update], SiteSpecificArticle, site_id: user.site_id
can :manage, FrontPageCampaign, site_id: user.site_id
can :manage, User, site_id: user.site_id
can [:new, :read, :update], FrontPageTimeBasedArticle, site_id: user.site_id
can [:new, :read, :update], FrontpageArticle, site_id: user.site_id
can [:old_feed, :sites, :new_feed], MobileFeed
can [:index, :new_site_essentials], :admin
can [:read, :search, :all, :up_down_index, :hidden_in_this_site], Article
can [:index, :create], TrackMood
can :site_styles, Site

else
# guest user (not logged in)
can [:read, :search, :up_down_index], Article
can [:old_feed, :sites, :new_feed], MobileFeed
can [:index, :create], TrackMood
can :site_styles, Site
end
end
end

如有任何帮助,我们将不胜感激。即使这只是尝试调试问题的又一步。

谢谢

最佳答案

Github 上的 CanCan wiki 指出:

“添加 authorize_resource 将创建一个调用 authorize! 的前过滤器,如果存在则传递资源实例变量。如果未设置实例变量(例如在索引操作中),它将传递类名。对于例如,如果我们有一个 ProductsController,它将在每个操作之前执行此操作。”

authorize!(params[:action], @product || Product)

您的问题是您试图授权 :admin 符号的 :index 操作,而实际上您必须授权 admin 对象或模型,如下所示:

authorize!(:index, @admin)

我想你误解了授权!方法并尝试为角色 :admin 授权索引操作,但所有 CanCan 内容都是基于 current_ability 授权的,这应该是在登录后在用户 session 上设置的第一件事。 CanCan 可以用这个默认的 ApplicationController 方法为你做这件事:

def current_ability
@current_ability ||= Ability.new(current_user)
end

但这意味着您需要另一个名为 current_user 的方法来返回当前用户 (doh)。检查你是否有这个设置,如果没有然后设置它并将 :admin 更改为 @admin (你必须实例化它,我认为它类似于 current_user.admin(?) )。

还有一件事:如果您像这样进行授权只是为了调试,没问题,但是如果您实际上想像这样手动授权每个操作,请不要这样做。 CanCan 有一个名为 load_and_authorize_resource 的方法,它既为 Controller 的每个操作授权 current_user,也实例化变量 @model,例如 @products,到:Product.accessible_by(current_ability)。当您拥有用户只能在某些情况下查看或管理的内容(例如编辑他们自己的个人资料)时,此方法非常有效。当然,您必须在 ability.rb 文件中进行设置。这个方法是这样的:

class AdminController < ApplicationController

load_and_authorize_resource

def index
# @admins here will have every admin that the user can see
end

end

如果您有一些不需要授权的操作,您可以说:

load_and_authorize_resource, :only => [:action1, :action2]
load_and_authorize_resource, :except => [:action1, :action2]

或者还有:

load_and_authorize_resource
skip_authorize_resource, :only => [:action1]
skip_authorize_resource, :except => :action2 #can be both an array or single symbol

我希望这对您和任何遇到此问题的人有所帮助:)

关于ruby-on-rails - CanCan 错误地拒绝管理员访问,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13379610/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com