Ruby on Rails 3: Rails declarative authorization project admin role


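I am trying to create project admin and project collaborator roles using the gem.

I have a table named "collaborators" that holds the mapping of users to projects.

Models:

Project

has_many :collaborators
has_many :users, :through => :collaborators

User

Collaborator

belongs_to :user
belongs_to :project

I need some guidance on defining the DSL for the project admin and project collaborator roles. I came up with the following: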

authorization do
  role :guest do
    has_permission_on :users, :to => [:read]
  end

  role :project_admin do
    has_permission_on :projects, :to => :manage do
      if_attribute :project_admin => true
    end
  end

  role :admin do
    has_permission_on :users, :to => [:delete]
  end
end

privileges do
  privilege :manage do
    includes :create, :read, :update, :delete
  end
end

Thanks for any suggestions/help.

Thanks

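I would prefer it this way, so that every user can be a project admin:

Project

has_many :collaborators
has_many :users, :through => :collaborators
# belongs_to takes :class_name (the model), not :table_name
belongs_to :admin, :class_name => 'User' # Maybe has_many?

authorization_rules.rb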

authorization do
  role :guest do
    has_permission_on :users, :to => [:read]
  end

  role :user do
    has_permission_on :projects, :to => :create
    has_permission_on :projects, :to => :manage do
      if_attribute :admin => is { user }
    end
    has_permission_on :projects, :to => :read do
      # Compare against users: collaborators holds join records, not User objects
      if_attribute :users => contains { user }
    end
    has_permission_on :files, :to => :manage do
      if_permitted_to :read, :project
    end
  end
end

privileges do
  privilege :manage do
    includes :create, :read, :update, :delete
  end
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end
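
The :projects rules for role :user above, modeled in plain Ruby as an added example (not part of the original answer and not the gem's own code), to show which actions an owner, a collaborator and an unrelated user end up with. The Struct models, `permitted?`, `access_matrix` and the sample users are assumptions made for illustration; the :files rule and the controller-action aliases are left out.

```ruby
# Plain-Ruby model of the :projects rules for role :user (not the gem's code).
# Structs stand in for the ActiveRecord models; all records are constructed.
User         = Struct.new(:name)
Collaborator = Struct.new(:user)
Project      = Struct.new(:admin, :collaborators) do
  # Mirrors has_many :users, :through => :collaborators
  def users
    collaborators.map(&:user)
  end
end

# privilege :manage includes :create, :read, :update, :delete
ACTIONS    = [:create, :read, :update, :delete]
PRIVILEGES = { :manage => ACTIONS }

# One entry per has_permission_on line; :if is its if_attribute test.
RULES = [
  { :to => :create, :if => lambda { |project, user| true } }, # unconditional
  { :to => :manage, :if => lambda { |project, user| project.admin == user } },
  # Membership is tested on users: the join rows in collaborators
  # are Collaborator objects and never equal a User.
  { :to => :read,   :if => lambda { |project, user| project.users.include?(user) } }
]

# Deny by default: allowed only if some rule grants the action and
# that rule's condition holds for this user and project.
def permitted?(user, action, project)
  RULES.any? do |rule|
    PRIVILEGES.fetch(rule[:to], [rule[:to]]).include?(action) &&
      rule[:if].call(project, user)
  end
end

# Actions a user may perform on a project, in ACTIONS order.
def access_matrix(user, project)
  ACTIONS.select { |action| permitted?(user, action, project) }
end

# Constructed sample data.
OWNER    = User.new("owner")
HELPER   = User.new("helper")
OUTSIDER = User.new("outsider")
PROJECT  = Project.new(OWNER, [Collaborator.new(HELPER)])

p access_matrix(OWNER, PROJECT)
p access_matrix(HELPER, PROJECT)
p access_matrix(OUTSIDER, PROJECT)
```

The unconditional :create rule shows up for every user, including one with no link to the project, which is worth confirming is intended before shipping the rules.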