I'm using CanCan and Devise for the auth processes in an app and everything is working perfectly.
However, we have a setup in which users can create lists of items.
The List model has a user_id and the auth works fine on that, but the ownership of items is handled through the List :has_many Item relationship and Item doesn't actually have a user_id column.
How does CanCan handle this?
I tried
can :manage, Item do |item|
  item.list.user_id = user.id
end
but typing the Item id in the URL gives every user access to every item, regardless of the List ownership.
I couldn't find anything that seemed to cover this in the wiki on CanCan's GitHub, so I'm hoping someone here might be able to help.
Looking forward to comments. Thanks.
Did you confuse = with ==?
can :manage, Item do |item|
  item.list.user_id == user.id
end
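An added example, not part of the original question or answer: a plain-Ruby stand-in for a block-based ability check, showing why the `=` rule lets every user through and also overwrites the list's owner in memory. The `MiniAbility` class, the Struct models and the `check` helper are hypothetical; the only assumption is that a block rule grants access when its block returns a truthy value.

```ruby
# Constructed stand-ins for the app's models (no Rails or CanCan required).
User = Struct.new(:id)
List = Struct.new(:user_id)
Item = Struct.new(:id, :list)

# Hypothetical miniature of a block-based ability: access is granted when the
# rule's block returns a truthy value for the record being checked.
class MiniAbility
  def initialize(user, &rule)
    @user = user
    @rule = rule
  end

  def can_manage?(item)
    @rule.call(item, @user) ? true : false
  end
end

# The rule from the question: `=` assigns, and the assigned id is truthy.
BUGGY = ->(item, user) { item.list.user_id = user.id }

# The rule from the answer: `==` compares. The nil guards are added here so
# that an item without a list, or a user without an id, is denied.
FIXED = ->(item, user) { !user.id.nil? && item.list&.user_id == user.id }

# Returns [access decision, list owner id after the check].
def check(rule, owner_id:, visitor_id:)
  item = Item.new(1, List.new(owner_id))
  allowed = MiniAbility.new(User.new(visitor_id), &rule).can_manage?(item)
  [allowed, item.list.user_id]
end

if __FILE__ == $PROGRAM_NAME
  p check(BUGGY, owner_id: 1, visitor_id: 2) # non-owner, assignment rule
  p check(FIXED, owner_id: 1, visitor_id: 2) # non-owner, comparison rule
  p check(FIXED, owner_id: 1, visitor_id: 1) # owner, comparison rule
end
```

A check like this works well as a regression spec: assert that a non-owner is denied and that the record's owner id is unchanged after the ability is evaluated.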