Rails 应用程序中的动态角色和权限系统
我需要在 Rails 应用程序中创建基于角色的权限系统。我对 CanCan 非常满意,但主要问题是 - 它必须是动态的,以便管理员必须能够分配权限并创建新角色。权限可以是简单的控制器/操作限制,并且可以与数据相关,例如,一些用户只能编辑他们自己的配置文件,而其中一些用户可以编辑特定组中所有用户的配置文件。如果允许管理员创建新的权限,那就太好了。
我正在考虑的是在数据库中存储控制器/操作以及一些与数据相关的限制(我在这里对定义它们的方式感到非常困惑)。那么您能给我一些建议吗?组织权限的最佳方式是什么?
任何想法都非常感激
I need to create roles based permissions systems in my Rails app. I would be totally happy with CanCan, but the main problem - it has to be dynamic, so that Admin has to be able to assign permissions and to create new roles. The permissions can be simple controller/action restrictions, and can be data related, for example some users can edit only their own profiles, and some of them can edit the profiles of all the users in the particular group. And it would be really nice to allow Admin to create new permissions.
What I'm thinking about is to store in db a controller/action, and some data related restrictions (I'm really confused here about the way to define them). So could you please give me some advice, what would be the best way to organize permissions?
Any thoughts are much appreciated
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果你喜欢 CanCan,那么我认为最好使用它。这是一个关于在数据库中存储能力的简短教程,以便非程序员可以更新它们:
https://github.com/ryanb/cancan/wiki/Abilities-in-Database
如果你真的非常想自己实现这样的系统。根据您的需求,我会建议您尽可能简单地实现它。
在这种情况下,您只需要用户有权访问模块(某些控制器)。您可以执行以下操作:
将所有用户权限存储在序列化字段中 -> http://apidock.com/rails/ActiveRecord/Base/serialize/class
用户类
序列化:权限,数组
def access_to?(模块)
权限.包括?模块.to_s
结尾
结束
一些检查会很好。
只需在每个控制器顶部检查当前用户是否有权访问该控制器(部分)
应用程序控制器类
私人
结束
类AdminNewsController
require_access_to:新闻
结束
,这只是一个开始位置,您可以从这里轻松发展。
If you like CanCan, then I think is best to use it. Here is a short tutorial about storing abilities in database so non-programmers can update them:
https://github.com/ryanb/cancan/wiki/Abilities-in-Database
If you really, really want to implement such system yourself. Depending on your needs, I will suggest for you to implement it as simple as possible.
In the case you need only users to have access to modules(certain controllers). You can do:
Store all users permissions in just like serialized fields -> http://apidock.com/rails/ActiveRecord/Base/serialize/class
class User
serialize :permissions, Array
def access_to?(module)
permissions.include? module.to_s
end
end
some check when setting this field would be nice.
Just make a check on top of every controller if the current user have access to this controller(section)
class ApplicationController
private
end
class AdminNewsController
require_access_to :news
end
Of course this is just a start position, from where you can easily evolve.
[编辑 @RadoslavStankov 给出的链接是比这更好的答案。]
您可以使用 CanCan 轻松做到这一点。只需创建一个权限模型(其中
has_and_belongs_to_many :users),然后在您的Ability#initialize中从模型中加载适合用户的权限,并指定用户可以做到这些。然后制作适当的用户界面来管理该模型。像这样的事情:
其中
scope返回类似:all的内容,表示nil范围,或Object.const_get(@scope_name)否则...玩它。无论如何,这是可行的。更复杂的 CanCan 事情可能会更复杂(废话) - 例如条件权限 - 但这也很难管理,所以我认为这对于大多数应用程序来说应该足够了。
[EDIT The link given by @RadoslavStankov is a better answer than this.]
You can do it with CanCan easily. Just make a model for permissions (which
has_and_belongs_to_many :users), and in yourAbility#initializeload the permissions appropriate to the user from the model and say that the usercando them. Then make appropriate user interface for administrating that model.Something like this:
where
scopereturned something like:allfornilscope, orObject.const_get(@scope_name)otherwise... Play with it. Anyway, it's doable.More complex CanCan things are likely to be more complex (duh) - for example conditional permissions - but that would be a bitch to administer as well, so I think this should be enough for most applications.