Vanilla authlogic/cantango setup, testing with a hard-coded roles_list during test that returns [:user]. Test permissions.yml file:
roles:
  user:
    can:
      manage:
        - User
On the first request, user_can?(:manage, User) does what I expect. On subsequent requests, however, it's no longer true, and my permission goes away.
The Duh :/ current_user and current_user_session vars change on each request; not sure if that's because I'm in dev environment and something's being reloaded, but it sketches me out a little bit.
Implementation in ApplicationController follows default authlogic examples.
If I load up the console:
pry(main)> u = User.first
=> #<User id: 2, email: "ohai@wtf.com", [...]
pry(main)> a = CanTango::Ability.new u
=> [lots of stuff, available on request]
pry(main)> a.can?(:manage, User.new)
=> true
pry(main)> a.can?(:manage, User.new)
=> true
I attempted to turn cantango's caching off (just in case) in cantango.rb per cantango's docs [...]>
Any hints/tips/pointers/source/docs?
If I change the permissions.yml file to the following (these are roles, not users, in theory, but w/o the guest role, which I never reference anywhere in my code, it doesn't work) things mostly work.
roles:
  user:
    can:
      manage:
        - User
  guest:
    cannot:
      manage:
        - User
I still have to leave caching off so far.
I'm abandoning cantango for now; while I have significant role-based permissions needs, the amount of trouble this caused isn't worth it, and so far it seems like a more targeted solution using some of the same meta-techniques will be cleaner and easier.