声明性授权和 has_and_belongs_to_many
我对声明性授权有一点问题。我有一个具有 has_and_belongs_to_many 关联的用户和角色模型。
我在我的authorization_rules.rb 中创建了一个名为 :moderator 的角色
,是否有可能具有角色版主的用户只能获取分配有版主角色的用户? --> User.with_permissions_to(:index)
我认为这是可能的:
role :moderator do
has_permission_on :users, :to => :index do
if_attribute :roles => contains { ????? }
end
end
我还在我的用户模型中创建了一个named_scope,因为我认为这会有所帮助...
class User
has_and_belongs_to_many :roles
named_scope :by_role, lambda { |role|
{
:include => :roles,
:conditions => {"roles.name" => role}
}
}
end
有谁知道是否可以使用declarative_authorization 来做到这一点?
感谢您的帮助!
I have a little problem with declarative-authorization. I have a User and Role Model with a has_and_belongs_to_many association.
I've created a Role named :moderator in my authorization_rules.rb
Is it possible that a User with the Role Moderator only gets the Users that have the Moderator Role assigned to it?? --> User.with_permissions_to(:index)
I thought it would be possible like that:
role :moderator do
has_permission_on :users, :to => :index do
if_attribute :roles => contains { ????? }
end
end
I also created a named_scope in my User Model because I thought it would help...
class User
has_and_belongs_to_many :roles
named_scope :by_role, lambda { |role|
{
:include => :roles,
:conditions => {"roles.name" => role}
}
}
end
Does anyone knows if it's possible to do this with declarative_authorization?
Thanks for your help!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我在我的一个项目中做了类似的事情,但当时发现 dec_auth 确实令人困惑。我认为这就是您需要做的:
authorization_rules.rb:
用户模型:
控制器:
如果这不起作用,请告诉我。
I did something similar in one of my projects but found dec_auth really confusing at the time. I think this is what you need to do:
authorization_rules.rb:
User Model:
Controller:
Let me know if that doesn't work.