我有一个具有:published
属性(boolean)的Post模型和一个具有role
属性(string)的用户模型。有三个角色:ROLES = %w[admin publisher author]
我不希望角色是author的用户能够在帖子模型上设置或编辑:published
字段。
我使用的是CanCan (和RailsAdmin gem),我的简化Ability.rb文件如下所示:
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
if user.role? :admin
can :manage, :all
elsif user.role? :publisher
can :manage, Post
elsif user.role? :author
# I want to prevent these guys from setting the :published attribute
end
end
end
有人有做这类事情的小贴士吗?
https://stackoverflow.com/questions/5921591
复制相似问题