新手问题 devise::如何阻止不同的用户访问其他用户的 “域”? 是这样称呼吗?
现在的情况是,我创建多个不同的身份,然后发布博客,但是每个用户都可以访问其他用户发布的博客,可以编辑,删除。
如何阻止这种情况?
另外发布博客的时间和 by current user 这样的署名怎么弄?
我用的 devise+cancan:
#models/ability.rb
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
can :manage, :all if user.is? :admin
can :manage, :all if user.is? :default
end
end
#models/user.rb
class User < ActiveRecord::Base
rolify
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
attr_accessible :name, :email, :password, :password_confirmation, :remember_me, :roles
ROLES = %w[admin default banned]
def is?(role)
roles.include(tole.to_s)
end
end
#controllers/articles_controller.rb
class ArticlesController < ApplicationController
load_and_authorize_resource :except => [:index, :show]
end
#db/migrate/20120804202523_add_role_to_users.rb
class AddRoleToUsers < ActiveRecord::Migration
def change
add_column :users, :role, :string
end
end
#db/schema.rb
# encoding: UTF-8
ActiveRecord::Schema.define(:version => 20120804202523) do
create_table "roles", :force => true do |t|
t.string "name"
t.integer "resource_id"
t.string "resource_type"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
add_index "roles", ["name", "resource_type", "resource_id"], :name => "index_roles_on_name_and_resource_type_and_resource_id"
add_index "roles", ["name"], :name => "index_roles_on_name"
create_table "users", :force => true do |t|
t.string "email", :default => "", :null => false
t.string "encrypted_password", :default => "", :null => false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.integer "sign_in_count", :default => 0
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.string "name"
t.string "role"
end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
create_table "users_roles", :id => false, :force => true do |t|
t.integer "user_id"
t.integer "role_id"
end
add_index "users_roles", ["user_id", "role_id"], :name => "index_users_roles_on_user_id_and_role_id"
end
#views/articles/index.html.erb
<ul class="clearfix">
<% if can? :update, @article %>
<li class="clearfix"><%= link_to 'Edit', edit_article_path(@article) %></li>
<% end %>
<% if can? :destroy, @article %>
<li class="clearfix"><%= link_to 'Destroy', @article, method: :delete, data: {confirm: 'Are you sure?'} %></li>
<% end %>
</ul>
#views/articles/show.html.erb
<ul class="clearfix">
<% if can? :update, @article %>
<li class="clearfix"><%= link_to 'Edit', edit_article_path(@article) %></li>
<% end %>
<% if can? :destroy, @article %>
<li class="clearfix"><%= link_to 'Destroy', @article, method: :delete, data: {confirm: 'Are you sure?'} %></li>
<% end %>
</ul>
现在的情况是,除了 user1(估计是 admin) 拥有所有权限,其他身份的用户登陆之后都不能创建新的 article,
显示You are not authorized to access this page.,而且也无法访问了之前由他自己发布的 article 的 edit,destroy 功能,等于是完全变成浏览者的身份了。
#2 楼 @bony undefined method `user_id' for #Article:0x007f8ed88c8f48 哪个地方出错了?
在 20120804162920_devise_create_users.rb 里面看到没有:
class DeviseCreateUsers < ActiveRecord::Migration
def change
create_table(:users) do |t|
## Database authenticatable
t.string :email, :null => false, :default => ""
t.string :encrypted_password, :null => false, :default => ""
## Recoverable
t.string :reset_password_token
t.datetime :reset_password_sent_at
## Rememberable
t.datetime :remember_created_at
## Trackable
t.integer :sign_in_count, :default => 0
t.datetime :current_sign_in_at
t.datetime :last_sign_in_at
t.string :current_sign_in_ip
t.string :last_sign_in_ip
## Confirmable
# t.string :confirmation_token
# t.datetime :confirmed_at
# t.datetime :confirmation_sent_at
# t.string :unconfirmed_email # Only if using reconfirmable
## Lockable
# t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
# t.string :unlock_token # Only if unlock strategy is :email or :both
# t.datetime :locked_at
## Token authenticatable
# t.string :authentication_token
t.timestamps
end
add_index :users, :email, :unique => true
add_index :users, :reset_password_token, :unique => true
# add_index :users, :confirmation_token, :unique => true
# add_index :users, :unlock_token, :unique => true
# add_index :users, :authentication_token, :unique => true
end
end
但是在 shema.rb 里面看到这些:
ActiveRecord::Schema.define(:version => 20120804202523) do
create_table "articles", :force => true do |t|
t.string "title"
t.text "content"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
create_table "roles", :force => true do |t|
t.string "name"
t.integer "resource_id"
t.string "resource_type"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
add_index "roles", ["name", "resource_type", "resource_id"], :name => "index_roles_on_name_and_resource_type_and_resource_id"
add_index "roles", ["name"], :name => "index_roles_on_name"
create_table "users", :force => true do |t|
t.string "email", :default => "", :null => false
t.string "encrypted_password", :default => "", :null => false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.integer "sign_in_count", :default => 0
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.string "name"
t.string "role"
end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
create_table "users_roles", :id => false, :force => true do |t|
t.integer "user_id"
t.integer "role_id"
end
add_index "users_roles", ["user_id", "role_id"], :name => "index_users_roles_on_user_id_and_role_id"
end
不太弄的明白