声明式授权filter_access_to
我正在尝试使用 declarative_authorization 来保护 Rails3 控制器的安全。
该控制器具有 7 个 RESTful 操作、3 个自定义成员操作(激活、停用、复制)和 1 个自定义收集操作(公共)。然而,“公共”操作仅返回一条记录。
只有自定义收集操作(公共)才可供经过身份验证的用户使用;其余的仅对当前用户可用。
has_permission_on :foos, :to => :public
has_permission_on :foos, :to => [:full_control, :copy, :activate, :deactivate] do
if_attribute :user => is {user}
end
privilege :full_control, :includes => [:index, :show, :new, :create, :edit, :update, :destroy]
4个自定义操作在routes.rb文件中定义:
resources :users do
resources :foos do
collection do
get :public
end
member do
post :activate, :copy, :deactivate
end
end
end
A User :has_many Foos; Foo:属于用户。
FoosController 中定义的“标准”访问控制(filter_resource_access :nested_in => :user)似乎控制对 7 个 RESTful 操作的访问,但无法控制对其他 4 个操作的访问(如预期)。
当我将 FooController 更改为:
filter_access_to :all, :nested_in => :users, :attribute_check => true
我收到一条错误,内容为“无法找到没有 ID 的 Foo”。
问题:
- 文档似乎表明,当使用 filter_access_to 时,将自动调用 :before_filter 来加载 Foo 模型。我错了吗?我需要对filter_access_to进行额外配置吗?我需要手动配置 :before_filter 吗?
- 为了我的目的,我还需要将 using_access_control 添加到模型中吗?当控制器中有访问控制时,我有点不清楚何时需要向模型添加访问控制。
- 该文档描述了一个名为“create”的权限 - 它定义为:privilege :create, :includes => :新的。此外,对于 :new 操作,此权限是否会因其名称而自动包含 :create 操作?
- 如果authentication_rules.rb文件发生更改,是否需要重新启动服务器才能应用新规则?
I am attempting to secure a Rails3 controller using declarative_authorization.
The controller has the 7, RESTful actions, three custom member actions (activate, deactivate, copy), and one custom collection action (public). The 'public' action only returns one record, however.
Only the custom collection action (public) should be available to authenticated users; the remainder are only available to the current_user.
has_permission_on :foos, :to => :public
has_permission_on :foos, :to => [:full_control, :copy, :activate, :deactivate] do
if_attribute :user => is {user}
end
privilege :full_control, :includes => [:index, :show, :new, :create, :edit, :update, :destroy]
The 4 custom actions are defined in the routes.rb file:
resources :users do
resources :foos do
collection do
get :public
end
member do
post :activate, :copy, :deactivate
end
end
end
A User :has_many Foos; A Foo :belongs_to a User.
The 'standard' access control (filter_resource_access :nested_in => :user), as defined in the FoosController seems to control access to the 7, RESTful actions, but fails to control access to the other 4 (as expected).
When I change the FooController to:
filter_access_to :all, :nested_in => :users, :attribute_check => true
I get an error that reads "Couldn't find Foo without an ID".
Questions:
- The documentation seems to suggest that a :before_filter will be called automatically to load the Foo model when filter_access_to is used. Am I mistaken? Do I need additional configuration of the filter_access_to? Do I need to manually configure a :before_filter?
- Do I also need to add using_access_control to the model for my purposes? I'm a little unclear when one needs to add access control to the model when there is access control in the controller.
- The documentation describes a privilege named 'create'--it is defined as: privilege :create, :includes => :new. In addition, to the :new action, does this privilege automatically include the :create action as a consequence of its name?
- If the authentication_rules.rb file is changed, does the server need to be restarted for the new rules to be applied?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我认为自动前置过滤器(如果存在的话)是相当有限的。我总是必须根据上下文编写自己的过滤器。例如,对于索引视图,除非模型的所有实例的权限都相同,否则您需要有一个适合当前上下文的模型实例。就像用户查看帖子索引一样,您可能希望为用户创建一个虚拟的新帖子,或者加载他们的第一个帖子,但虚拟的帖子更安全,因为第一个帖子可能不存在。一般来说,我有一个用于索引的虚拟构造函数,其他所有内容都可以测试实际看到(或触摸)的内容。
到目前为止,控制器对我来说已经足够好了,所以模型级别当然不是必需的。这并不是说它不会增加一些额外的安全性,但我不知道什么时候这会变得重要。我假设当你有一个模型被许多控制器(例如无模式控制器)接触并且你想确保没有任何东西偷偷溜过时。
我没有使用过特权,所以我不确定,但我猜你描述的神奇继承不会发生。创建没有特别请求的权限似乎是一种非常草率的方法。
不,不需要重新启动——至少在开发模式下不需要。
I think that automatic before filter, if it exists, is pretty limited. I've always had to write my own before filters as appropriate to the context. Eg--for the the index view unless permission is the same for all instances of the model, you'll need to have a model instance appropriate the the current context. Like a user viewing an index of posts, you would want to make a dummy new post for the user, or load their first but dummy is safer since first might not exist. Generally I have a dummy constructor for index and everything else can test whatever is actually to be seen (or touched).
Controller has been good enough for me so far, so model level is certainly not REQUIRED. That's not to say it wouldn't add some extra safety, but I'm not expert in when exactly that would become important. I'd hypothesize it would be when you have a model touched by many controllers (eg modeless controllers) and you want to be sure nothing sneaks by.
I haven't used privileges so I'm not sure, but I would guess that magic inheritance you describe doesn't happen. Creating permissions that aren't specifically requested seems like it would be a very sloppy approach.
No, no restart required--at least not in development mode.