Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
3.5k views
in Technique[技术] by (71.8m points)

ruby on rails - Does load_and_authorize_resource authorize every single action in a controller, or just RESTful ones?

TL;DR

Basically, do I have to manually call authorize! in controller actions that aren't one of the 7 RESTful defaults, or does load_and_authorize_resource still do that for me in those non-standard actions?

Longer version:

I generated a controller via rails scaffold and then added several custom actions that do some random other things.

At the top of the controller, I have load_and_authorize_resource, which I believe will call authorize! in each of the actions.

Does it do that for every single action within the controller (including the custom ones), or only those that were generated by the scaffold? (i.e. index, show, new, edit, create, update, destroy)

I see from the cancancan docs:

Setting this for every action can be tedious, therefore the load_and_authorize_resource method is provided to automatically authorize all actions in a RESTful style resource controller.

But I'm not sure if that's just the 7 originals or others the developer adds as well


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
等待大神解答

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...