所以,我正在尝试使用宝石专家。我只是想弄清楚如何为用户和管理员提供索引视图。我想为管理员呈现所有结果,只为用户呈现相关帖子。我已经在github上用谷歌搜索了一下,但我找不到任何运气。我必须在策略和控制器中放入什么?
原始代码
class PostsPolicy
attr_reader :current_user, :model
def initialize(current_user, model)
@current_user = current_user
@post = model
end
def index?
@current_user.admin?
end
end
控制器
class PostsController < ApplicationController
before_filter :load_user
before_filter :authenticate_user!
after_action :verify_authorized
def index
@posts = Post.order('title').page(params[:page]).per(25)
authorize User
end
private
def load_user
@user = User.find_by_id(params[:user_id])
end
end
第二次更新
class PostsPolicy
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else
scope.where(user: user)
end
end
end
end
控制器
class PostsController < ApplicationController
before_filter :load_user
before_filter :authenticate_user!
after_action :verify_authorized
def index
@posts = policy_scope(Post).order('title').page(params[:page]).per(25)
authorize User
end
private
def load_user
@user = User.find_by_id(params[:user_id])
end
end
第三次更新
class PostPolicy
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else
scope.where(user: user)
end
end
end
def index?
user.admin? || user.posts.count > 0
end
end
控制器
class PostsController < ApplicationController
before_filter :load_user
before_filter :authenticate_user!
after_action :verify_authorized
def index
@posts = policy_scope(Post).order('title').page(params[:page]).per(25)
authorize User
end
private
def load_user
@user = User.find_by_id(params[:user_id])
end
end
** 使用工作代码进行最终更新 **
class PostPolicy
attr_reader :user, :model
def initialize(user, model)
@user = user
@post = model
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else
scope.where(user: user)
end
end
end
def index?
user.admin? || user.posts.count
end
end
控制器
class PostsController < ApplicationController
before_filter :load_user
before_filter :authenticate_user!
after_action :verify_authorized
def index
@posts = policy_scope(Post).order('title').page(params[:page]).per(25)
authorize Post
end
private
def load_user
@user = User.find_by_id(params[:user_id])
end
end
你要找的是一个范围:
class PostsPolicy
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
if user.admin?
scope.all
else
scope.where(user: user)
end
end
end
end
然后在您的控制器中
def index
@posts = policy_scope(Post).order('title').page(params[:page]).per(25)
authorize User
end
编辑
作为旁注,从长远来看,authorize User
可能不会很好地为您服务。实质上是在创建一个需要为每个索引提供服务的索引策略。如果要授权对索引页的可见性,您仍然可以在策略中执行以下操作:
def index?
user.admin? || user.posts.count > 0
end
假设已建立关系,则在policy_scope之前在索引控制器中调用authorize Post
。