如何在没有对应模型的情况下,授权访问控制器处理的页面与坎坎坷坷?

问题描述 投票:0回答:1

问题

一个没有对应模型的Spree管理员控制器,其访问试用重定向到其他页面。

相应的尝试代码。

module Spree
  module Admin
    class TutorialsController < Spree::Admin::BaseController
      authorize_resource :class => false

      def index
      end
    end
  end
end

而在 app/models/spree/ability_decorator.rb 增加了以下内容。

  can :manage, :'tutorial'
  can :manage, :'admin/tutorial'
  can :manage, :'admin_tutorial'
  can :manage, :'spree/admin/tutorial'
  can :manage, :'spree_admin_tutorial'

但这些授权都没有用。当然,添加 can :manage, :all 在这个地方,可以使页面如愿以偿,所以这绝对是接近需要的解决方案,但不太允许在这里寻找。即使使用 skip_authorization_check 的控制器中,但这并不奏效,该请求将被重定向到 admin/products 与这些相应的初始日志。

Started GET "/admin/tutorials" for 127.0.0.1 at 2020-04-30 17:11:28 +0200                                                                                                                     
Processing by Spree::Admin::TutorialsController#index as HTML                                                                                                                                 
  Spree::Preference Load (2.9ms)  SELECT  "spree_preferences".* FROM "spree_preferences" WHERE "spree_preferences"."key" = $1 LIMIT $2  [["key", "spree/backend_configuration/locale"], ["LIMI
T", 1]]                                                                                                                                                                                       
  ↳ /home/psychoslave/.rvm/gems/ruby-2.5.1@project/bundler/gems/spree_i18n-a03ecad00a1e/lib/spree_i18n/controller_locale_helper.rb:21                                                    
  Spree::User Load (3.2ms)  SELECT  "spree_users".* FROM "spree_users" WHERE "spree_users"."deleted_at" IS NULL AND "spree_users"."id" = $1 ORDER BY "spree_users"."id" ASC LIMIT $2  [["id", 
194], ["LIMIT", 1]]                                                                                                                                                                           
  ↳ /home/psychoslave/.rvm/gems/ruby-2.5.1@project/gems/activerecord-5.2.2/lib/active_record/log_subscriber.rb:98                                                                        
  Spree::Role Load (3.4ms)  SELECT "spree_roles".* FROM "spree_roles" INNER JOIN "spree_role_users" ON "spree_roles"."id" = "spree_role_users"."role_id" WHERE "spree_role_users"."user_id" = 
$1  [["user_id", 194]]                                                                                                                                                                        
  ↳ /home/psychoslave/.rvm/gems/ruby-2.5.1@project/gems/activerecord-5.2.2/lib/active_record/log_subscriber.rb:98                                                                        
  Spree::Producer Load (2.6ms)  SELECT  "spree_producers".* FROM "spree_producers" WHERE "spree_producers"."id" = $1 LIMIT $2  [["id", 16], ["LIMIT", 1]]
  ↳ app/models/spree/ability_decorator.rb:123                                                  
Redirected to http://localhost:5000/forbidden                                                                                                                                                 
Completed 302 Found in 80ms (ActiveRecord: 41.4ms)

在经过一些其他的重定向之后,请求就进入了之前所说的路径。

相关资源

ruby-on-rails model-view-controller authorization spree cancancan
1个回答
0
投票

在这种情况下,根本不需要特殊能力。该 Spree::BaseController 设置了正确的权限来授予目标访问,这与 Spree::Admin::BaseController. 为了保持CSS风格的一致性,一个明确的 layout 需要声明。

module Spree
  module Admin
    class TutorialsController < Spree::BaseController
      layout 'spree/layouts/admin'
      def index; end
    end
  end
end
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.