devise - Why my cancan didn't work properly? -


my envirenment:ruby:2.0.0p0, rails:3.2.13, cancan: 1.6.10, devise: 2.2.4
hi, when following cancan's wiki separate-role-model, , seems didn't work me? when debugging-abilities, find following:

2.0.0-p0 :002 > q = question.first   question load (0.1ms)  select "questions".* "questions" limit 1  => #<question id: 1, title: "问题", created_at: "2013-05-14 11:14:31", updated_at: "2013-05-14 11:14:31", content: "答案", user_id: nil>

the user_id nil.
have add user_id , role_id assignment table, question_id user table, user_id question table.
role.rb

class role < activerecord::base                                                                                                                                 attr_accessible :name                                                                                                                                       #  has_and_belongs_to_many :users                                                                                                                               has_many :assignments                                                                                                                                         has_many :users, :through => :assignments                                                                                                                   end

assgnment.rb 

class assignment < activerecord::base                                                                                                                           # attr_accessible :title, :body                                                                                                                               belongs_to :user                                                                                                                                              belongs_to :role                                                                                                                                            end

user.rb 

class user < activerecord::base                                                                                                                                 # include default devise modules. others available are:                                                                                                       # :token_authenticatable, :confirmable,                                                                                                                       # :lockable, :timeoutable , :omniauthable                                                                                                                   devise :database_authenticatable, :registerable,                                                                                                                     :recoverable, :rememberable, :trackable, :validatable                                                                                                   # setup accessible (or protected) attributes model                                                                                                   attr_accessible :email, :password, :password_confirmation, :remember_me, :username, :profile                                                                  # attr_accessible :title, :body                                                                                                                                has_many :assignments                                                                                                                                         has_many :roles, :through => :assignments                                                                                                                     has_many :questions                                                                                                                                            def has_role?(role_sym)                                                                                                                                         roles.any? { |r| r.name.underscore.to_sym == role_sym }                                                                                                     end                                                                                                                                                         end

ability.rb 

class ability                                                                                                                                                   include cancan::ability                                                                                                                                        def initialize(user)                                                                                                                                              if user.blank?                                                                                                                                                cannot :manage, :all                                                                                                                                          can :read, question                                                                                                                                         elsif user.has_role?(:admin)                                                                                                                                    can :manage, :all                                                                                                                                           else                                                                                                                                                            can :create, question                                                                                                                                         can :update, question, :active => true, :user_id => user.id                                                                                                   can :destroy, question, :active => true, :user_id => user.id                                                                                                end                                                                                                                                                         end                                                                                                                                                         end

and view:

<% if can? :update, @question %>                                                                                                                         <%= link_to 'edit', edit_question_path(question), :method => :get, :class => "btn btn-mini btn-warning" %>                                          <% end %>

then when create question doesn't come edit button. what's wrong me? if need more information, please tell me.

try set ability class 

class ability                                                                                                                                                   include cancan::ability                                                                                                                                        def initialize(user)                                                                                                                                              can :manage, :all                                                                                                                                         end                                                                                                                                                         end

just see if problem still there or not? can gradually add authorize logic see breaks ..


Comments

Post a Comment

Popular posts from this blog

Change php variable from jquery value using ajax (same page) -

what i'm trying this: i've php global variable $currentid , simple jquery script check if there "id" (page) in hash of url , if yes wanted give value $currentid . i've been reading lot , notice shall use ajax i'm not managing it. my code is: <script type="text/javascript"> $(document).ready(function(){ if (parent.location.hash != '' ) { var thecurrentid = parent.location.hash.split('#')[1]; $.ajax({ url: 'my.php', //current page type: 'post', data: {theid: thecurrentid }, datatype: 'json', success: function () { } }); } // code here }); </script> could me please? thank in advance. php server side language, meaning once has sent data browser, php variables , data cannot changed... however, using ajax, can send request php page , change data in dom based on result. consider th...
Read more

How can I fetch data from a web server in an android application? -

i want retrieve data web server in android application, , don't know begin. should use web services? i recommend these tutorials: connect android php , mysql , json in android , php , mysqli i used these tutorials , managed trying working without difficulty. between them describe each step in how attempting @ each stage, android application, database , web server side , has information included can process , use received information the thing add connect android php , mysql tutorial makes use of mysql_ in php deprecated. better use mysqli why included third link. the basic outline of want this: 1) in android app make request server php script using class this: import java.io.bufferedreader; import java.io.ioexception; import java.io.inputstream; import java.io.inputstreamreader; import java.io.unsupportedencodingexception; import java.util.list; import org.apache.http.httpentity; import org.apache.http.httpresponse; import org.apache.http.namevaluepair...
Read more

jquery - How can I dynamically add a browser tab? -

since using iframes house external pages are, accounts "not preferred method" , disallowed sites (flickr, one), want dynamically generate browser tabs. e.g., when user submits form, want dynamically generate tab on browser in response submitted. e.g., might want add new tab url like: http://www.bigsurgarrapata.com/contact how in jquery? you want form target attribute action attribute. http://www.w3schools.com/tags/att_form_target.asp browsers have ultimate control on result of target attribute open new tab value of _blank. <form action="contact_submit.php" target="_blank" method="post">
Read more