我正在尝试找到一个处理Rails应用程序的用户管理访问的gem。有许多基于角色的宝石,但它们并不能满足需要。我想的最佳方案示例是这样的:
我有一个模型,其中包含可用于不同方法的Actions列表(即RECORD_CREATE和RECORD_UPDATE)。我想允许用户执行这些操作或阻止用户执行这些操作。此外,我希望以相同的方式创建组权限,但仍然可以为用户添加其他权限,而无需创建不同的特定组。所有这些,我希望能够从应用程序内部进行控制,而不是从lib中的ruby文件进行控制。有这样的动物吗?我一直在寻找但无济于事。如果没有,有人想帮我做一个吗?
答案 0 :(得分:0)
我找到了一个名为Strongbolt的非常有趣的宝石,它基于基于记录的授权的Grant宝石。仍在弄清楚错综复杂,但似乎是一个非常强大的选择。
答案 1 :(得分:0)
如果有人感兴趣,这是一个本地解决方案。...
lib / permissions.rb
module Permissions
def all_permissions
@all_permissions ||= self.activities + Activity.joins(:permissions).where(permissions: {group: self.groups})
end
def update_permissions(permissions)
return if permissions.nil?
self.permissions.destroy_all
permissions.collect do |key, permission|
self.permissions.create!(activity_id: permission)
end
end
def authorized?(activity_code)
self.all_permissions.include?(Activity.find_by(code: activity_code))
end
end
lib / groups.rb
module Groups
def update_groups(groups)
return if groups.nil?
self.group_memberships.destroy_all
groups.each do |key, value|
group = Group.find_by(id: value)
self.groups << group if group
end
end
end
app / models / user.rb
include Permissions
include Groups
用代码...
rails g scaffold group name description
rails g model group_membership group:belongs_to user:belongs_to
rails g model activity name code description
rails g model permission group:belongs_to user:belongs_to activity:belongs_to
app / models / activity.rb
default_scope -> { order(:name) }
has_many :permissions
has_many :users, through: :permissions
validates :name, presence: true
validates :code, presence: true, uniqueness: true
app / models / group.rb
include Permissions
has_many :permissions
has_many :activities, through: :permissions
has_many :group_memberships
has_many :users, through: :group_memberships
validates :name, uniqueness: true
app / controllers / users_controller.rb(创建和更新)
@user.update_permissions(params[:user][:permissions]) if params[:user][:permissions].present?
@user.update_groups(params[:user][:groups]) if params[:user][:groups].present?
app / helpers / sessions_helper.rb
def current_user
@current_user ||= User.find_by(id: session[:user_id])
end
def authorized?(activity)
current_user.authorized?(activity)
end
def authorize(activity)
if !current_user.authorized?(activity)
redirect_to root_path, flash: { warning: 'You do not have permission to access this area.' }
end
end
然后检查用户权限的语法为
if authorized?('PERMISSION_SHORT_CODE')
或...
authorize('PERMISSION_SHORT_CODE')
或任何变化形式。 “ PERMISSION_SHORT_CODE”是用于查找相关活动的任何唯一标识符。当我向站点添加功能时,我会通过Rails控制台亲自添加活动,然后可以根据需要限制该功能。 “ USER_ADD”,“ USER_DESTROY”,“ USER_EDIT”等。这是我用来显示和编辑用户#edit下权限的代码段。
app / helpers / users_helper.rb
def permissions_list(object, method, instance, options = {})
capture do
options.collect.with_index do |c, index|
if instance.groups.any? { |g| g.activities.include?(Activity.find(c[1])) }
concat check_box_tag("#{object}[#{method}]#{index}", c[1], true, disabled: true)
else
concat check_box_tag("#{object}[#{method}]#{index}", c[1], instance.activities.include?(Activity.find(c[1])))
end
concat content_tag(:label, "#{c[0]}".titleize) + tag(:br)
end
end
end
app / views / users / _form.html.erb
<div class="listbox">
<%= permissions_list(:user, :permissions, @user, Activity.all.order(:name).collect {|c| [c.name, c.id]}) %>
</div>
app / assets / stylesheets / application.css(.scss)
.listbox
overflow: hidden
overflow-y: scroll
margin: 10px
height: 250px
width: 300px
border: 1px solid
padding: 0 10px 0 10px
我希望这可以帮助某人和/或某人可以查看它,并找到一种更好的方法。谢谢大家的帮助!