【发布时间】:2014-10-16 08:07:53
【问题描述】:
我正在使用 Bootstrap,它有 div class="alert notice",其中有一堆用于各种通知消息的类。
我还有一个用于评论的 AJAX 销毁操作,我已经添加了cancan 授权。当我尝试删除 current_user 无权访问的评论时,它不起作用 - 这是正确的。
但我想要的是弹出一条错误消息,在 Bootstrap 样式的 div 中 5 - 10 秒然后消失。
这是我的CommentsController.rb 上的destroy 操作
def destroy
respond_to do |format|
if @comment.destroy
format.html { redirect_to root_url, notice: 'Comment was successfully deleted.' }
format.json { head :no_content }
format.js { render :layout => false }
else
format.json { render json: @comment.errors, status: :unprocessable_entity }
end
end
end
我在同一控制器的私有方法中设置了@comment:
private
def set_comment
@comment = current_user.comments.find(params[:id])
end
这是我的comments/destroy.js.erb
$('.delete_comment').bind('ajax:success', function() {
$(this).closest('div#new_comment').fadeOut();
});
但这并不影响未经授权的访问。
在我的ability.rb 中,我有这个:
can :manage, Comment, user_id: user.id
在我的日志中,当我尝试删除我无权访问的评论时,我会在我的日志中看到:
Started DELETE "/comments/5" for 127.0.0.1 at 2014-10-16 02:56:53 -0500
Processing by CommentsController#destroy as JS
Parameters: {"id"=>"5"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 ORDER BY "users"."id" ASC LIMIT 1
FamilyTree Load (0.2ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = $1 LIMIT 1 [["user_id", 1]]
ReadMark Load (0.1ms) SELECT "read_marks".* FROM "read_marks" WHERE "read_marks"."user_id" = $1 AND "read_marks"."readable_type" = 'PublicActivity::ORM::ActiveRecord::Activity' AND "read_marks"."readable_id" IS NULL ORDER BY "read_marks"."id" ASC LIMIT 1 [["user_id", 1]]
Comment Load (0.3ms) SELECT "comments".* FROM "comments" WHERE "comments"."user_id" = $1 AND "comments"."id" = $2 LIMIT 1 [["user_id", 1], ["id", 5]]
Completed 404 Not Found in 8ms
ActiveRecord::RecordNotFound - Couldn't find Comment with 'id'=5 [WHERE "comments"."user_id" = $1]:
这是完美的。
我想要做的就是在 Bootstrap 警报中显示一个适当的错误,该错误会在几秒钟内消失。
我该如何做到这一点?
【问题讨论】:
标签: jquery ruby-on-rails ruby-on-rails-4 twitter-bootstrap-3 cancan