ruby-on-rails – Pundit :: PolicyScopingNotPerformedError
我使用这个Pundit宝石相当新,但似乎无法理解政策系统.从我读过的所有内容看起来都是正确的,尽管我仍然收到错误
应用控制器 class ApplicationController < ActionController::Base include Pundit protect_from_forgery before_filter :authenticate_person! # Verify that controller actions are authorized. Optional,but good. after_filter :verify_authorized,except: :index after_filter :verify_policy_scoped,only: :index rescue_from Pundit::NotAuthorizedError,with: :user_not_authorized private def pundit_user Person.find_by_id(current_person) end def user_not_authorized flash[:alert] = "You are not authorized to perform this action." # redirect_to(request.referrer || root_path) end end 申请政策 class ApplicationPolicy attr_reader :user,:record def initialize(user,record) raise Pundit::NotAuthorizedError,"must be logged in" unless user @user = user @record = record end def index? false end def show? scope.where(:id => record.id).exists? end def create? false end def new? create? end def update? false end def edit? update? end def destroy? false end def scope Pundit.policy_scope!(user,record.class) end class Scope attr_reader :user,:scope def initialize(user,scope) @user = user @scope = scope end def resolve scope end end end 错误信息 Pundit::AuthorizationNotPerformedError in Devise::SessionsController#new 解决方法
您可能需要从Pu??ndit的自述文件中查看
this section.
它基本上说,当在after_action中使用verify_authorized时,它将检查是否实际调用了授权.
对于verify_policy_scoped也是如此,但对于policy_scope:
在你的情况下,异常是由你没有在Devise :: SessionsController #new action中调用authorize引起的. 我认为,处理它的最佳方法是从ApplicationController中删除after_action检查并将它们移动到子类. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |