In my model, I have a fair number of subclasses of the model Item. I would like to be able to specify that for a given role, their permissions for Item apply to all of the subclasses of Item without listing them explicitly; if I add new Item subclasses I don't want to have to remember to update permissions. How can I achieve this?
For example, this permission
if user.role? :customer_service
can :read, Item
end
does not allow a customer service rep to read开发者_如何学JAVA details of a Cabinet, where Cabinet < Item.
I think you could do this by sending a block to the can declaration. Perhaps like this:
if user.role? :cutomer_service
can do |action, subject_class, subject|
# Checks if action is :read and if subject_class is a subclass of Item
action == :read && subject_class < Item
end
end
I have not tested this, but I think it should work.
精彩评论