开发者

cancan rules creation problem

开发者 https://www.devze.com 2023-01-28 01:20 出处:网络
i have rails app that contains following models - User, Blog, Post, BlogMembership. class BlogMembership < ActiveRecord::Base

i have rails app that contains following models - User, Blog, Post, BlogMembership.

class BlogMembership < ActiveRecord::Base
  belongs_to :user
  belongs_to :blog

  # Membership types:
  SUBSCRIBER = 0
  AUTHOR = 1
  MODERATOR = 2
end

class Blog < ActiveRecord::Base
  has_many :posts
  has_many :memberships, :class_name => "BlogMembership"

  # Blog memberships
  def subscribers
    self.memberships.where(:membership_type => [BlogMembership::SUBSCRIBER, BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
  end

  def authors
    self.memberships.where(:membership_type => [BlogMembership::AUTHOR, BlogMembership::MODERATOR]).collect(&:user)
  end

  def moderators
    self.memberships.where(:membership_type =>  BlogMembership::MODERATOR).collect(&:user)
  end
end

In Ability class (because i use cancan f开发者_如何学Cor access restriction) i try to limit access of users and moderators to the blogs, but with following rule

if user.is? :moderator
  can :manage, Post do |post|
    post.blog.moderators.include? user
  end
end

all users can send Posts to the any blog.

Could you tell me please - how to properly configure rule in Ability class for following relations scheme?


And if you try this syntax?

can :manage, Post do |action, post|
    post.blog.moderators.include? user
end
0

精彩评论

暂无评论...
验证码 换一张
取 消