ruby-on-rails - CanCanCanability.rb 中的用户为零

标签 ruby-on-rails reactjs devise fetch-api cancancan

尝试从 React 组件获取异步请求。然而,由于权限无效,它总是失败。

工作请求示例:

Started GET "/" for 127.0.0.1 at 2017-10-04 16:32:00 -0400
Processing by EventsController#index as HTML
  User Load (0.4ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ?  [["id", 1], ["LIMIT", 1]]
  Rendering events/index.html.erb within layouts/application

失败的异步请求示例:

Started GET "/events/search?ne_lat=37.82915414554321&ne_lng=-122.13221051635742&sw_lat=37.72060601151162&sw_lng=-122.70658948364257" for 127.0.0.1 at 2017-10-04 16:32:07 -0400
Processing by EventsController#search as */*
  Parameters: {"ne_lat"=>"37.82915414554321", "ne_lng"=>"-122.13221051635742", "sw_lat"=>"37.72060601151162", "sw_lng"=>"-122.70658948364257"}
  ... #NOTE: printing 'user' from byebug in ability.rb shows it as nil
CanCan::AccessDenied (You are not authorized to access this page.):

请注意,失败的请求不会从数据库查询中选择/加载用户。有什么想法可能会出问题吗? ability.rb 权限允许此请求,但异步调用时用户未正确填写。

此请求以前使用 jQuery 工作,但我已使用 fetch 重写了它。 .

这是 Controller 

class EventsController < ApplicationController
  before_action :set_event, only: [:show, :edit, :update, :destroy]
  load_and_authorize_resource

  def index
    @events = Event.all
  end
  ...
  def search
    local_events = Event.includes(:address).references(:address)
      .where("latitude >= ? AND latitude <= ? AND longitude >= ? AND longitude <= ?",       
          params[:sw_lat], params[:ne_lat], params[:sw_lng], params[:ne_lng]
          )
      .limit(50)

    render json: local_events, only: [:id,:name,:description,:start], include: { address: { only: [:latitude,:longitude,:street_address] }}
  end

end

还有能力.rb

class Ability
  include CanCan::Ability

  def initialize(user)
    can :read, :all
    byebug
    return if user == nil #user must be logged in after this point

    #events
    can [:search], Event
    ...
  end
end

最佳答案

异步请求不会从数据库查询用户,因为 session 中没有用户 ID。 session 中没有用户 ID,因为 Fetch APIfetch 默认情况下不包含 cookie。

为了通过获取请求发送 cookie,请将 credentials 选项设置为 “same-origin”“include”:

fetch(url, {  
  credentials: 'include'  // or 'same-origin' (see the link below)
})

https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#Sending_a_request_with_credentials_included

关于ruby-on-rails - CanCanCanability.rb 中的用户为零,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46573832/

上一篇:single-page-application - Visual Studio 2017 SPA Aurelia 模板 : Where is aurelia. json?

下一篇:firefox - 如何在 Firefox 的 Web 扩展中获取当前选项卡的历史记录?

相关文章:

javascript - 无法清除 Gatsby 静态站点缓存

ruby-on-rails - 根据AJAX请求设计注销用户。 Rails 3.1

ruby-on-rails - 在任何来源中都找不到 bcrypt-3.1.7

mysql - Rails 数据库连接池的工作原理

ruby-on-rails - 如何在 Rails 4 中通过 hstore 属性对结果进行排序?

css - Antd 内联表单子(monad)项宽度

css - 如何在 React.js 中使用 Reactstrap 将 Navbar Collapse 转换为移动 View 中的侧边栏?

ruby-on-rails - 如何在 Rails 应用程序中使用 Devise gem,其中 "User"分为三个模型?

ruby-on-rails - Elasticsearch : how to see the indexed data

ruby-on-rails - 如何在 Controller 中设置全局变量

©2024 IT工具网  联系我们