Ruby on rails 3 Rails声明性授权项目管理员角色
我正在尝试使用gem创建项目管理员和项目协作者角色 我有一个名为“collaborators”的表,它保存用户到项目的映射 型号: 计划Ruby on rails 3 Rails声明性授权项目管理员角色,ruby-on-rails-3,declarative-authorization,Ruby On Rails 3,Declarative Authorization,我正在尝试使用gem创建项目管理员和项目协作者角色 我有一个名为“collaborators”的表,它保存用户到项目的映射 型号: 计划 has_many :collaborators has_many :users, :through => :collaborators 使用者 合作者 belongs_to :user belongs_to :project 我需要一些关于为项目管理员和项目合作者角色定义dsl的指导。 我提出了以下建议: authorization do
has_many :collaborators
has_many :users, :through => :collaborators
使用者
合作者
belongs_to :user
belongs_to :project
我需要一些关于为项目管理员和项目合作者角色定义dsl的指导。
我提出了以下建议:
authorization do
role :guest do
has_permission_on :users, :to => [:read]
end
role :project_admin do
has_permission_on :projects, :to => :manage do
if_attribute :project_admin => true
end
end
role :admin do
has_permission_on :users, :to => [:delete]
end
end
privileges do
privilege :manage do
includes :create, :read, :update, :delete
end
end
感谢您的建议/帮助。谢谢 我更喜欢这样,这样每个用户都可以成为项目管理员: 计划
has_many :collaborators
has_many :users, :through => :collaborators
belongs_to :admin, :table_name => 'users' # Maybe has_many?
授权规则.rb
authorization do
role :guest do
has_permission_on :users, :to => [:read]
end
role :user do
has_permission_on :projects, :to => :create
has_permission_on :projects, :to => :manage do
if_attribute :admin => is { user }
end
has_permission_on :projects, :to => :read do
if_attribute :collaborators => contains { user }
end
has_permission_on :files, :to => :manage do
if_permitted_to :read, :project
end
end
end
privileges do
privilege :manage do
includes :create, :read, :update, :delete
end
privilege :read, :includes => [:index, :show]
privilege :create, :includes => :new
privilege :update, :includes => :edit
privilege :delete, :includes => :destroy
end
authorization do
role :guest do
has_permission_on :users, :to => [:read]
end
role :user do
has_permission_on :projects, :to => :create
has_permission_on :projects, :to => :manage do
if_attribute :admin => is { user }
end
has_permission_on :projects, :to => :read do
if_attribute :collaborators => contains { user }
end
has_permission_on :files, :to => :manage do
if_permitted_to :read, :project
end
end
end
privileges do
privilege :manage do
includes :create, :read, :update, :delete
end
privilege :read, :includes => [:index, :show]
privilege :create, :includes => :new
privilege :update, :includes => :edit
privilege :delete, :includes => :destroy
end