Rails 中基于组成员身份的访问控制有哪些选项?
对于 Rails,我看到很多用于基于角色的访问控制的 gem 选项(cancan、cantango 等)。但是,我没有找到任何用于基于组成员的访问控制的 gem。这是我想要完成的任务的简化描述:
Users: a, b, c, d
Groups: y, z
Group Membership: y has a and b; z has c and d
Posts: m, n
Ownership: a owns m; c owns n
Group y is marked as a public group. m can be seen by all users
Group z is marked as a private group. n can only be seen by c and d
所以没有什么太花哨或复杂的,本质上是类似于文件系统访问控制的功能(例如跨所有者组公共的读-写-执行[没有'执行'当然]。)
看起来Radiant(带有一些额外的插件)可以提供页面级组成员访问控制,但我不想要/需要整个CMS,我更喜欢基于模型的东西(例如cancan)与基于页面/路径的。 (顺便说一句,我正在将 Devise 用于我的用户模型 - Devise 中是否有我错过的东西?)
Rails 中如何实现私有/公共用户分组?只能通过基于 Rails 的 CMS?我错过了一些基本的东西吗?或者这个用例在 Rails 社区中很少得到解决?
For Rails I see quite a few gem options for role-based access control (cancan, cantango, etc.) However, I'm not finding any gems for group-membership-based access control. Here is a simplified description of what I'm trying to accomplish:
Users: a, b, c, d
Groups: y, z
Group Membership: y has a and b; z has c and d
Posts: m, n
Ownership: a owns m; c owns n
Group y is marked as a public group. m can be seen by all users
Group z is marked as a private group. n can only be seen by c and d
So nothing too fancy or complex, essentially a capability similar to file system access control (e.g. read-write-execute across owner-group-public [without the 'execute' of course].)
It looks like Radiant (with some extra plug-ins) can provide page-level group-membership access control, but I don't want/need a whole CMS and I would prefer something that is model-based (like cancan) vs. page/path based. (BTW, I'm using Devise for my user model - is there something in Devise I missed?)
How are private/public user groupings implemented in Rails? Only through a Rails-based CMS? Am I missing something basic? Or is this use-case rarely tackled in the Rails community?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我找到了这个问题的答案,并认为我会将其发布,以防其他人正在寻找它。
CanCan 通过“条件哈希”支持组功能。这个想法是
post被标记为:group_id(belongs_toagroup)和users< /code>has_many组。然后,您可以在can语句中设置“条件哈希”,如下所示:“条件哈希”在此处进一步记录:
https://github.com/ryanb/cancan/wiki/Defining-Abilities
感谢 @Jason_Noble 将我带回到 cancan 文档,其中我终于找到了。
ps 一份实施说明。如果您希望某些帖子是公开的,而某些帖子是私人的,您可以设置一个默认组,每个用户都是该组的成员。所有公开帖子都应使用默认的 group_id 进行标记。
I found the answer for this and thought I would post it in case anyone else is looking for it.
CanCan does support group capability via "Hash of Conditions". The idea is that
postis tagged with a:group_id(belongs_toagroup) andusershas_manygroups. Then you can set up the "hash of conditions" within thecanstatement as follows:The "hash of conditions" is documented further here:
https://github.com/ryanb/cancan/wiki/Defining-Abilities
Thanks to @Jason_Noble for pointing me back to the cancan docs where I finally found it.
p.s. one implementation note. If you wish to have some Posts public and some Posts private, you can set up a default group of which each user is a member. All public Posts should then be tagged with the default group_id.
我会使用 CanCan 并执行以下操作:
I would use CanCan and do something like: