一个没有对应模型的Spree管理员控制器,其访问试用重定向到其他页面。
相应的尝试代码。
module Spree
module Admin
class TutorialsController < Spree::Admin::BaseController
authorize_resource :class => false
def index
end
end
end
end
而在 app/models/spree/ability_decorator.rb
增加了以下内容。
can :manage, :'tutorial'
can :manage, :'admin/tutorial'
can :manage, :'admin_tutorial'
can :manage, :'spree/admin/tutorial'
can :manage, :'spree_admin_tutorial'
但这些授权都没有用。当然,添加 can :manage, :all
在这个地方,可以使页面如愿以偿,所以这绝对是接近需要的解决方案,但不太允许在这里寻找。即使使用 skip_authorization_check
的控制器中,但这并不奏效,该请求将被重定向到 admin/products
与这些相应的初始日志。
Started GET "/admin/tutorials" for 127.0.0.1 at 2020-04-30 17:11:28 +0200
Processing by Spree::Admin::TutorialsController#index as HTML
Spree::Preference Load (2.9ms) SELECT "spree_preferences".* FROM "spree_preferences" WHERE "spree_preferences"."key" = $1 LIMIT $2 [["key", "spree/backend_configuration/locale"], ["LIMI
T", 1]]
↳ /home/psychoslave/.rvm/gems/ruby-2.5.1@project/bundler/gems/spree_i18n-a03ecad00a1e/lib/spree_i18n/controller_locale_helper.rb:21
Spree::User Load (3.2ms) SELECT "spree_users".* FROM "spree_users" WHERE "spree_users"."deleted_at" IS NULL AND "spree_users"."id" = $1 ORDER BY "spree_users"."id" ASC LIMIT $2 [["id",
194], ["LIMIT", 1]]
↳ /home/psychoslave/.rvm/gems/ruby-2.5.1@project/gems/activerecord-5.2.2/lib/active_record/log_subscriber.rb:98
Spree::Role Load (3.4ms) SELECT "spree_roles".* FROM "spree_roles" INNER JOIN "spree_role_users" ON "spree_roles"."id" = "spree_role_users"."role_id" WHERE "spree_role_users"."user_id" =
$1 [["user_id", 194]]
↳ /home/psychoslave/.rvm/gems/ruby-2.5.1@project/gems/activerecord-5.2.2/lib/active_record/log_subscriber.rb:98
Spree::Producer Load (2.6ms) SELECT "spree_producers".* FROM "spree_producers" WHERE "spree_producers"."id" = $1 LIMIT $2 [["id", 16], ["LIMIT", 1]]
↳ app/models/spree/ability_decorator.rb:123
Redirected to http://localhost:5000/forbidden
Completed 302 Found in 80ms (ActiveRecord: 41.4ms)
在经过一些其他的重定向之后,请求就进入了之前所说的路径。
skip_authorization_check
在这种情况下,根本不需要特殊能力。该 Spree::BaseController
设置了正确的权限来授予目标访问,这与 Spree::Admin::BaseController
. 为了保持CSS风格的一致性,一个明确的 layout
需要声明。
module Spree
module Admin
class TutorialsController < Spree::BaseController
layout 'spree/layouts/admin'
def index; end
end
end
end