根据所有文件,:read
动作是两者的别名:index
and :show
:
alias_action :index, show, :to => :read
但是,请考虑以下使用嵌套资源的场景:
resources :posts
resources :comments
end
如果我这样定义能力:
# ability.rb
can :read, Post
can :show, Comment
# comments_controller.rb
load_and_authorize_resource :organization, :find_by => :permalink
load_and_authorize_resource :membership, :through => :organization
事情按预期进行。但是,如果我改变:read
对 [:index, :show] 的操作:
# ability.rb
can [:index, :show], Post
can :show, Comment
# comments_controller.rb
load_and_authorize_resource :organization, :find_by => :permalink
load_and_authorize_resource :membership, :through => :organization
我无权访问/posts/:post_id/comments
, /posts/:post_id/comments/:id
等等。不过,我仍然可以访问这两个:index
and :show
为了posts_controller
.
如果这些行为的行为不同,它们怎么可能是“别名”呢?
在我的摆弄中,我还遇到了以下情况。改变load_and_authorize_resource
以下允许的访问:
# ability.rb
can [:index, :show], Post
can :show, Comment
# comments_controller.rb
load__resource :organization, :find_by => :permalink
load_and_authorize_resource :membership, :through => :organization
有人能解释一下这是怎么回事吗?