我有那些资源
resources :companies do
resources :stands
end
我想控制公司展位的访问权限。在Ability类我写
can :manage, :all if user.has_role? Role.super_admin
can :manage, Company do |c|
user.has_role? Role.company_admin, c
end
如何控制公司展位的访问权限?例如,公司管理员只能搜索他的公司看台。感谢
答案 0 :(得分:0)
Cancan将帮助我们设置操作权限。它不会根据设置Ability.rb
的权限来获取记录例如:
URL: /站/搜索
def search
authorize! :search, Stand
current_user.company.search_stands('some-query') # This will get the stands only for the current-users's company
end
Ability.rb 可以:搜索,站立 user.has_role? Role.company_admin 端
其他例子: /公司/ 1 /站/搜索
def search
@company = Company.find(params[:company_id])
authorize! :search_stands, @company
@stands = @company.search_stands('some-query')
end
Ability.rb
can :search_stands, Company do |c|
user.has_role? Role.company_admin # Only admin has the permission to search stands.
end