Edw*_*all 8 ruby-on-rails access-control ruby-on-rails-4 pundit
我在app的admin部分使用pundit进行访问控制.我有一个仪表板控制器,如下所示:
class Admin::DashboardsController < AdminController
def index
@total_revenue = Order.total_revenue
authorize :dashboards, :index?
end
...
end
和一个看起来像这样的政策:
class DashboardPolicy < Struct.new(:user, :dashboard)
def index?
true
end
end
当我试图访问时,/admin/dashboards/我得到一个Pundit::NotDefinedError, unable to find policy SymbolPolicy for dashboards
我也试过命名空间策略并得到了同样的错误.
小智 11
jizak的回答对我不起作用,我找到了无头名称间隔策略的以下解决方案,诀窍在于:[:admin,:policy]第一个参数.
class Admin::HomeController < AdminController
def dashboard
authorize [:admin, :home], :dashboard?
end
end
然后为政策:
Admin::HomePolicy < AdminPolicy
def dashboard?
return false unless user && user.admin?
true
end
end
我有这样的无头政策:
应用程序/策略/管理/statistic_policy.rb
class Admin::StatisticPolicy < Struct.new(:user, :statistic)
def show?
user.admin?
end
end
应用程序/控制器/管理/statistics_controller.rb
class Admin::StatisticsController < Admin::ApplicationController
def show
per_today Time.zone.now
authorize :statistics, :show?
end
...
end
这对我有用。
尝试更新 gem,因为这些更改是新的(https://github.com/elabs/pundit/issues/77)。从项目中删除 Gemfile.lock 并执行“捆绑安装”。