Rails 3 - CanCan - 定义创建权限

Question

我在附件控制器中有以下内容

  def upload

    @attachment = Attachment.build(:swf_uploaded_data => params[:attachment][:attachment], :user_id => current_user.id, :project_id => params[:space_id])
....
    end

我想从CanCan中得到的只是允许用户上传到他们所属的project_id.我确认控制器正在获取正确的信息,没有nils

这是我的康康舞:

can :upload, Attachment do |attachment|
  Rails.logger.info 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX- include CanCan::Ability - ATTACHMENT'  
  Rails.logger.info attachment.inspect
  Rails.logger.info attachment.project

  current_user.try(:role, attachment.space)
end

问题在于,是附件.是零,attachment.project是零？您如何使用CanCan解决此问题,以便确保只有项目团队成员可以将附件上传到项目中？

谢谢

Answer 1

我认为最好的authorize!方法是使用Controller操作的方法在较低级别执行此操作.

所以......

#AttachmentController

#Will remove it from cancan
load_and_authorize_resource :except => [:upload]

def upload
 @attachment = Attachment.build(:swf_uploaded_data => params[:attachment][:attachment], :user_id => current_user.id, :project_id => params[:space_id])
  #add the authorize logic explicitly here when you have the attachment model populated
  authorize! :upload, @attachment
end

如果这对您有用,请告诉我.