声明性授权和 has_and_belongs_to_many

发布于 2024-10-17 10:50:54 字数 697 浏览 5 评论 0原文

我对声明性授权有一点问题。我有一个具有 has_and_belongs_to_many 关联的用户和角色模型。

我在我的authorization_rules.rb 中创建了一个名为 :moderator 的角色

,是否有可能具有角色版主的用户只能获取分配有版主角色的用户? --> User.with_permissions_to(:index)

我认为这是可能的:

role :moderator do
  has_permission_on :users, :to => :index do
    if_attribute :roles => contains { ????? }
  end
end

我还在我的用户模型中创建了一个named_scope,因为我认为这会有所帮助...

class User
  has_and_belongs_to_many :roles
  named_scope :by_role, lambda { |role|
    {
      :include => :roles,
      :conditions => {"roles.name" => role}
    }
  }
end

有谁知道是否可以使用declarative_authorization 来做到这一点?

感谢您的帮助!

I have a little problem with declarative-authorization. I have a User and Role Model with a has_and_belongs_to_many association.

I've created a Role named :moderator in my authorization_rules.rb

Is it possible that a User with the Role Moderator only gets the Users that have the Moderator Role assigned to it?? --> User.with_permissions_to(:index)

I thought it would be possible like that:

role :moderator do
  has_permission_on :users, :to => :index do
    if_attribute :roles => contains { ????? }
  end
end

I also created a named_scope in my User Model because I thought it would help...

class User
  has_and_belongs_to_many :roles
  named_scope :by_role, lambda { |role|
    {
      :include => :roles,
      :conditions => {"roles.name" => role}
    }
  }
end

Does anyone knows if it's possible to do this with declarative_authorization?

Thanks for your help!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

长伴 2024-10-24 10:50:54

我在我的一个项目中做了类似的事情,但当时发现 dec_auth 确实令人困惑。我认为这就是您需要做的:

authorization_rules.rb:

role :moderator do
  has_permission_on :users, :to => :index
end

用户模型:

class User < ActiveRecord::Base
  using_access_control
end

控制器:

@users = User.with_permissions_to(:index)

如果这不起作用,请告诉我。

I did something similar in one of my projects but found dec_auth really confusing at the time. I think this is what you need to do:

authorization_rules.rb:

role :moderator do
  has_permission_on :users, :to => :index
end

User Model:

class User < ActiveRecord::Base
  using_access_control
end

Controller:

@users = User.with_permissions_to(:index)

Let me know if that doesn't work.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文