Rails 4 with Pundit & Statesman gem - 对象处于状态时的策略
Posted
技术标签:
【中文标题】Rails 4 with Pundit & Statesman gem - 对象处于状态时的策略【英文标题】:Rails 4 with Pundit & Statesman gem - policy when an object is in a state 【发布时间】:2016-01-29 00:24:13 【问题描述】:我正在尝试在 Rails 4 中制作应用程序。
我正在尝试将 statesman gem 用于状态,然后将 pundit 用于政策。
我的 gemfile 有:
gem 'statesman', '~> 1.3', '>= 1.3.1'
gem 'pundit'
我有一个文章模型、一个文章转换模型和一个 article_state_machine 模型。
我的目标是在我的文章策略中定义一个发布策略(使用权威人士),它允许拥有文章的用户在文章处于“已批准”状态时发布该文章。
我正在我的权威文章政策中尝试这样做:
class ArticlePolicy < ApplicationPolicy
def publish?
user.present? && user == article.user
# if requires approval, then approved
# and article.in_state(:approve) - why doesnt this work - see statesman docs?
# user && user.article.exists?(article.id)
end
end
当我尝试检查文章是否处于 :approve 状态(如上所述)时,我收到一条错误消息,显示未定义方法“in_state”。
如何在策略中使用状态机?还是该策略允许用户随时发布,但您仅在文章处于批准状态时才在文章显示页面上显示按钮(尽管我认为这是专家的观点)。
文章.rb
class Article < ActiveRecord::Base
include Statesman::Adapters::ActiveRecordQueries
has_many :transitions, class_name: "ArticleTransition", autosave: false
def state_machine
@state_machine ||= ArticleStateMachine.new(self, transition_class: ArticleTransition, association_name: :transitions)
end
# delegate :can_transition_to?. :trans
# def reindex_articles
# article.reindex_async
# end
private
def self.transition_name
:transitions
end
def self.transition_class
ArticleTransition
end
def self.initial_state
# ArticleTransition.initial_state
:draft
end
end
文章状态机模型:
class ArticleStateMachine
include Statesman::Machine
state :draft, initial: :true #while author is drafting
state :review #while approver comments are being addressed (really still in draft)
state :reject # not suitable for publication
state :approve # suitable for publication
state :publish #published
state :remove # destroyed
# state :spotlight
transition from: :draft, to: [:reject, :approve, :publish, :remove]
# transition from: :review, to: [:rejected, :approved, :removed]
transition from: :reject, to: [:draft, :remove]
transition from: :approve, to: [:publish, :remove]
transition from: :publish, to: :remove
end
文章过渡模型:
class ArticleTransition < ActiveRecord::Base
include Statesman::Adapters::ActiveRecordTransition
belongs_to :article, inverse_of: :article_transitions
end
文章控制器:
def approve
article = Article.find(params[:id])
if article.state_machine.transition_to!(:approve)
flash[:notice] = "This article has been approved for publication"
redirect_to action: :show, id: article_id
# add mailer to send message to article owner that article has been approved
else
flash[:error] = "You're not able to approve this article"
redirect_to action: :show, id: article_id
end
end
def publish
article = Article.find(params[:id])
authorize @article
if article.state_machine.transition_to!(:publish)
redirect_to action: :show, id: article_id
# how do you catch the date the state became published?
else
flash[:error] = "You're not able to publish this article"
redirect_to action: :show, id: article_id
end
end
谁能看到我做错了什么?
整个文章控制器有:
class ArticlesController < ApplicationController
before_action :set_article, only: [:show, :edit, :update, :destroy, :reject, :approve, :publish, :remove]
before_action :authenticate_user!, except: [:index, :show, :search, :reject, :approve, :publish, :remove]
respond_to :html, :json
# GET /articles
# GET /articles.json
def index
@articles = policy_scope(Article)
# query = params[:query].presence || "*"
# @articles = Article.search(query)
end
# def index
# if params[:query].present?
# @books = Book.search(params[:query], page: params[:page])
# else
# @books = Book.all.page params[:page]
# end
# end
# GET /articles/1
# GET /articles/1.json
def show
end
# GET /articles/new
def new
@article = Article.new
@article.comments.build
end
# GET /articles/1/edit
def edit
authorize @article
end
# POST /articles
# POST /articles.json
def create
# before_action :authenticate_user!
# authorize @article
@article = current_user.articles.new(article_params)
respond_to do |format|
if @article.save
format.html redirect_to(@article)
format.json render :show, status: :created, location: @article
else
format.html render :new
format.json render json: @article.errors, status: :unprocessable_entity
end
end
end
def search
if params[:search].present?
@articless = Article.search(params[:search])
else
@articles = Articles.all
end
end
# PATCH/PUT /articles/1
# PATCH/PUT /articles/1.json
def update
# before_action :authenticate_user!
authorize @article
respond_to do |format|
# if @article.update(article_params)
# format.json render :show, status: :ok, location: @article
# else
# format.html render :edit
# format.json render json: @article.errors, status: :unprocessable_entity
# end
# end
if @article.update(article_params)
format.html redirect_to(@article)
format.json render :show, status: :ok, location: @article
else
format.json render json: @article.errors, status: :unprocessable_entity
end
format.html render :edit
end
end
# DELETE /articles/1
# DELETE /articles/1.json
def destroy
before_action :authenticate_user!
authorize @article
@article.destroy
respond_to do |format|
format.json head :no_content
end
end
# def review
# article = Article.find(params[:id])
# if article.state_machine.transition_to!(:review)
# flash[:notice] = "Comments on this article have been made for your review"
# redirect_to action: :show, id: article_id
# else
# flash[:error] = "You're not able to review this article"
# redirect_to action: :show, id: article_id
# end
# end
def reject
end
def approve
article = Article.find(params[:id])
if article.state_machine.transition_to!(:approve)
flash[:notice] = "This article has been approved for publication"
redirect_to action: :show, id: article_id
# add mailer to send message to article owner that article has been approved
else
flash[:error] = "You're not able to approve this article"
redirect_to action: :show, id: article_id
end
end
def publish
article = Article.find(params[:id])
if article.state_machine.transition_to!(:publish)
redirect_to action: :show, id: article_id
# how do you catch the date the state became published?
else
flash[:error] = "You're not able to publish this article"
redirect_to action: :show, id: article_id
end
end
def remove
article = Article.find(params[:id])
if article.state_machine.transition_to!(:remove)
redirect_to root_path
else
flash[:error] = "You're not able to destroy this article"
redirect_to action: :show, id: article_id
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_article
@article = Article.find(params[:id])
authorize @article
end
# Never trust parameters from the scary internet, only allow the white list through.
def article_params
params.require(:article).permit(:body, :title, :image, :tag_list,
comment_attributes: [:opinion])
end
end
【问题讨论】:
你在哪里打电话给 Pundit 的authorize?
好点。当我将 authorise@article 添加到发布操作时,我收到一条错误消息:Statementsman::TransitionFailedError in ArticlesController#publish 无法从“发布”转换为“发布”
那么看来 Pundit 方面没有问题。原因应该在异常消息/堆栈跟踪中的某个地方。顺便说一句,bang 方法transition_to! 引发异常而不是返回false。如果您不打算捕获这些异常,最好使用非爆炸方法并打印相应的错误消息(无论如何,对程序流使用异常并不是一个好主意)。
日志中的错误说: Completed 500 Internal Server Error in 5ms (ActiveRecord: 0.8ms) NoMethodError (undefined method in_state?' for #<ArticleStateMachine:0x007ff37ff65098>): app/policies/article_policy.rb:51:in publish?' app/controllers/articles_controller.rb:157:in ` set_article'
您能否将代码更新到与出现该错误的版本完全相同的版本?如果能看到全貌就更好了。
【参考方案1】:
您正在使用的 statesman gem 版本没有定义 in_state?。您可以更新宝石。或者您可以使用 smallbuttoncom 链接的类似代码自己定义它
https://github.com/gocardless/statesman/blob/1fd4ee84c87765b7855688b8eb5dddea7ddddbdd/lib/statesman/machine.rb#L180-L182
但是,对于您的情况,一个简单的检查就足够了。在您的政策中尝试以下代码
article.state_machine.current_state == "approve"
希望对您有所帮助。
【讨论】:
【参考方案2】:当我尝试检查文章是否处于状态时:批准(如评论 上面),我收到一条错误消息,上面写着未定义的方法 'in_state'。
您是否尝试在您的政策中将 article.in_state?(:approve) 更改为 article.state_machine.in_state?(:approve)?
【讨论】:
好点 Guilherme,我试过了,但它给出了这个错误:NoMethodError in ArticlesController#publish undefined method `in_state' for #<0x007ff3642a8ca8> <0x007ff37ea21f10>【参考方案3】:您错过了方法末尾的?:
in_state 方法实际上是一个类方法,其行为类似于作用域。
你需要使用in_state?方法,它是一个实例方法,像这样:
article.state_machine.in_state?(:approve)
【讨论】:
以上是关于Rails 4 with Pundit & Statesman gem - 对象处于状态时的策略的主要内容,如果未能解决你的问题,请参考以下文章
Rails 4 - pundit - 如何编写 if 语句来检查用户权限