gpt4 book ai didi

ruby-on-rails - CanCan之间的区别:read and [:index, :show]?

转载 作者:行者123 更新时间:2023-12-04 03:17:14 24 4
gpt4 key购买 nike

根据所有文档,:read操作被别名为:index:show:

alias_action :index, show, :to => :read

但是,请考虑以下带有嵌套资源的情况:
resources :posts
resources :comments
end

如果我这样定义能力:
# ability.rb
can :read, Post
can :show, Comment

# comments_controller.rb
load_and_authorize_resource :organization, :find_by => :permalink
load_and_authorize_resource :membership, :through => :organization

事情按预期进行。但是,如果我将 :read操作更改为[:index,:show]:
# ability.rb
can [:index, :show], Post
can :show, Comment

# comments_controller.rb
load_and_authorize_resource :organization, :find_by => :permalink
load_and_authorize_resource :membership, :through => :organization

我无权访问 /posts/:post_id/comments/posts/:post_id/comments/:id等。但是,我仍然可以访问 :index:showposts_controller

如果它们的行为不同,怎么可能“混淆”这些行为?

在摆弄我的同时,我还遇到了以下问题。将 load_and_authorize_resource更改为以下允许的访问:
# ability.rb
can [:index, :show], Post
can :show, Comment

# comments_controller.rb
load__resource :organization, :find_by => :permalink
load_and_authorize_resource :membership, :through => :organization

有人可以解释这是怎么回事吗?

最佳答案

我将此作为问题发布在GitHub上。瑞安回应如下:

Both the :index and :show actions point to the :read action. But when CanCan authorizes a parent resource it uses the :read action directly which is why you're seeing this behavior.

I think this has caused confusion before, so I will change the internal behavior to never use the :read action directly. Instead of a :parent resource I'll change it to use :show and for the accessible_by default I will use :index instead of :read. Thanks for bringing this to my attention.



https://github.com/ryanb/cancan/issues/302#comment_863142

关于ruby-on-rails - CanCan之间的区别:read and [:index, :show]?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5280781/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com