我有一个简单的 Controller 方法:WelcomeController#dashboard
该页面旨在成为用户登录后的登录页面(在此测试中,用户的角色为“经理”)。
我从简单开始,所以这个 Controller 还没有太多内容controllers/welcome_controller.rb:
class WelcomeController < ApplicationController
skip_authorize_resource only: :index
authorize_resource class: false, only: [:dashboard]
skip_before_action :authenticate_user!, only: [:index]
layout 'external', only: [:index]
def index; end
def dashboard; end
end
所以,我已经安装了 CanCanCan 并在我的 models/ability.rb 文件中:
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
if user.admin?
can :manage, :all
can :access, :rails_admin
elsif user.manager?
can :read, Lesson
can :access, :dashboard
can :modify, Company
elsif user.user?
can :read, Lesson
else
can :read, :root
end
end
end
但是,我的 Rspec 测试失败了,我无法弄清楚原因。 spec/controllers/welcome_controller_spec.rb 中的代码是:
require 'rails_helper'
require 'cancan/matchers'
RSpec.describe WelcomeController, type: :controller do
describe 'GET #index' do
it 'returns http success' do
get :index
expect(response).to have_http_status(:success)
end
end
describe 'GET #dashboard' do
it 'manager routes to dashboard after login' do
company = Company.create!(name: 'ACME', domain: 'acme.com')
user = User.create!(email: '<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="542031272014203127207a373b39" rel="noreferrer noopener nofollow">[email protected]</a>', password: 'password', password_confirmation: 'password', company_id: company.id, role: 1)
sign_in user
get :dashboard
expect(response).to have_http_status(:success)
end
it 'user does not route to dashboard after login' do
user = create(:user)
sign_in user
expect { get :dashboard }.to raise_error(CanCan::AccessDenied)
end
end
end
这会导致此错误:
Failures:
1) WelcomeController GET #dashboard manager routes to dashboard after login
Failure/Error: get :dashboard
CanCan::AccessDenied:
You are not authorized to access this page.
# ./spec/controllers/welcome_controller_spec.rb:17:in `block (3 levels) in <top (required)>'
我发现有趣的是,只有“登录后管理器路由到仪表板”测试失败了,因为即使我使用相同的 :dashboard
,用户的第三个测试也可以顺利通过。打电话。
如果您有任何帮助/建议,我将不胜感激。
谢谢!
最佳答案
据我了解,没有别名操作名称为 :access 的操作,引用 from this link (如果不正确,请纠正我),但您可以使用alias_action创建自定义操作
你的能力.rb
class Ability
include CanCan::Ability
def initialize(user)
# here you create alias_action
alias_action :create, :read, :update, :destroy, to: :access
user ||= User.new # guest user (not logged in)
if user.admin?
can :manage, :all
can :access, :rails_admin
elsif user.manager?
can :read, Lesson
can :access, :dashboard
can :modify, Company
elsif user.user?
can :read, Lesson
else
can :read, :root
end
end
end
关于ruby-on-rails - Rails CanCanCan 无模型 Controller 的能力问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54830491/