根据所有文档,
:read 操作被别名为 :index 和 :show:alias_action :index, show, :to => :read
然而,请考虑以下具有嵌套资源的情况:
resources :posts
resources :comments
end
如果我像这样定义能力:
# ability.rb
can :read, Post
can :show, Comment
# comments_controller.rb
load_and_authorize_resource :organization, :find_by => :permalink
load_and_authorize_resource :membership, :through => :organization
事情按预期运行。但是,如果我将:read操作更改为[:index, :show]:
# ability.rb
can [:index, :show], Post
can :show, Comment
# comments_controller.rb
load_and_authorize_resource :organization, :find_by => :permalink
load_and_authorize_resource :membership, :through => :organization
我无权访问/posts/:post_id/comments,/posts/:post_id/comments/:id等页面,但是我可以访问posts_controller的:index和:show。
如果这些操作行为不同,那么如何可能它们被“别名”了呢?
在我的尝试中,我还发现以下情况。将load_and_authorize_resource更改为以下内容即可访问:
# ability.rb
can [:index, :show], Post
can :show, Comment
# comments_controller.rb
load__resource :organization, :find_by => :permalink
load_and_authorize_resource :membership, :through => :organization
有人能够解释这里正在发生什么吗?