I have the following in ability.rb
can :index, Thread
can :sh开发者_如何学运维ow, Thread do |thread|
1 == 2
end
I hard coded show to result as false to test a fail. Shockingly, show never fails. Both Thread index and Thread show both return without resulting in a CanCan access denied. What's going on with that? Suggestions? Thx
As can be seen here :index
and :show
are aliases of :read
, that means they are synonyms.
When you say can :index, Thread
that means the user will be able to read anything.
When you later define second rule can :show, Thread {|t| 1 == 2}
, the CanCan query for successive rules is disjunctive, that is result = rule1 or rule2
. To have the result computed via difference result = rule1 - rule2
use cannot
for the 2nd rule:
cannot :show, Thread {|t| 1 == 2}
精彩评论