Rails - CanCanCan - 共同能力
Rails - CanCanCan - common abilities
我正在使用Rails4、devise、Role Model和CanCanCan。
是否可以在 ability.rb 中定义一种对许多角色通用的能力?
例如,每个登录用户都可以增删改查他们自己的个人资料页面?然后角色在通用能力之上还有特定的能力?
这是如何运作的?我是否需要在 Role Model 中为通用能力创建一个角色,然后允许每个用户拥有多个角色,以便他们获得通用能力以及角色特定能力?
例如,在我的 ability.rb 中,我有:
class Ability
include CanCan::Ability
def initialize(user)
alias_action :create, :read, :update, :destroy, :to => :crud
# Define abilities for the passed in user here. For example:
#
user ||= User.new # guest user (not logged in)
#users who are not signed in can create registration or login
# can read publicly available projects, programs and proposals
can :read, Project, {:active => true, :closed => false, :sweep => { :disclosure => { :allusers => true } } }
# {:active => true, :closed => false && :Project.sweep.disclosure.allusers => true}
# if user role is student
if user_signed_in?
can :crud, Profile, :user_id => user.id #[for themselves]
elsif user.try(:profile).present? && user.profile.has_role?(:student)
所以,我希望学生能够阅读客人可以阅读的内容。有没有办法说学生可以做新用户和登录用户可以做的所有事情(以及学生的特定能力)?
我正在使用这个 https://github.com/ryanb/cancan/wiki/Role-Based-Authorization#alternative-role-inheritance 对我来说很好用
我在这里添加一个示例能力class以供您理解。您可以轻松理解代码并阅读注释。你的代码看起来不太好,我可以指出一件事,你不应该通过 profile 管理角色,你应该使用 user 分配或管理 roles。
如果您想为一组用户提供相同的能力,那么您可以使用这种类型的 || 条件 user.has_role?(:role_one) || user.has_role?(:role_two) 并将能力块作为 can :manage, [SomeClassName, SomeClassName].
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
#Only same user can mange his Profile
can :manage, [Profile], :user_id => user.id
#Give rule wise permission
if user.admin?
can :manage, :all
elsif user.has_role?(:some_role_name)
can :manage, [SomeClassName]
elsif user.has_role?(:role_one) || user.has_role?(:role_two)
can :manage, [SomeClassName, SomeClassName]
else
can :read, :all
end
end
end
希望这能帮助您完成任务。
你可以通过这样的函数调用在你的角色中进行某种组合
class Ability
include CanCan::Ability
def initialize(user)
# Define abilities for the passed in user here. For example:
#
user ||= User.new # guest user (not logged in)
#users who are not signed in can create registration or login
# can read publicly available projects, programs and proposals
# {:active => true, :closed => false && :Project.sweep.disclosure.allusers => true}
# if user role is student
if user_signed_in?
if user.try(:profile).present? && user.profile.has_role?(:student)
student
else
authenticated
end
else
anonymous
end
end
def anonymous
can :read, Project, {:active => true, :closed => false, :sweep => { :disclosure => { :allusers => true } } }
end
def authenticated
anonymous
can :crud, Profile, :user_id => user.id #[for themselves]
end
def student
authenticated
#other student abilities
end
#other roles follow the same principal
def teacher
authenticated
end
end
authenticated函数将包含任何角色的通用能力,每个需要它的角色都会调用(这是一种继承,任何学生都可以做经过身份验证的用户可以加上他的能力)
我正在使用Rails4、devise、Role Model和CanCanCan。
是否可以在 ability.rb 中定义一种对许多角色通用的能力?
例如,每个登录用户都可以增删改查他们自己的个人资料页面?然后角色在通用能力之上还有特定的能力?
这是如何运作的?我是否需要在 Role Model 中为通用能力创建一个角色,然后允许每个用户拥有多个角色,以便他们获得通用能力以及角色特定能力?
例如,在我的 ability.rb 中,我有:
class Ability
include CanCan::Ability
def initialize(user)
alias_action :create, :read, :update, :destroy, :to => :crud
# Define abilities for the passed in user here. For example:
#
user ||= User.new # guest user (not logged in)
#users who are not signed in can create registration or login
# can read publicly available projects, programs and proposals
can :read, Project, {:active => true, :closed => false, :sweep => { :disclosure => { :allusers => true } } }
# {:active => true, :closed => false && :Project.sweep.disclosure.allusers => true}
# if user role is student
if user_signed_in?
can :crud, Profile, :user_id => user.id #[for themselves]
elsif user.try(:profile).present? && user.profile.has_role?(:student)
所以,我希望学生能够阅读客人可以阅读的内容。有没有办法说学生可以做新用户和登录用户可以做的所有事情(以及学生的特定能力)?
我正在使用这个 https://github.com/ryanb/cancan/wiki/Role-Based-Authorization#alternative-role-inheritance 对我来说很好用
我在这里添加一个示例能力class以供您理解。您可以轻松理解代码并阅读注释。你的代码看起来不太好,我可以指出一件事,你不应该通过 profile 管理角色,你应该使用 user 分配或管理 roles。
如果您想为一组用户提供相同的能力,那么您可以使用这种类型的 || 条件 user.has_role?(:role_one) || user.has_role?(:role_two) 并将能力块作为 can :manage, [SomeClassName, SomeClassName].
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
#Only same user can mange his Profile
can :manage, [Profile], :user_id => user.id
#Give rule wise permission
if user.admin?
can :manage, :all
elsif user.has_role?(:some_role_name)
can :manage, [SomeClassName]
elsif user.has_role?(:role_one) || user.has_role?(:role_two)
can :manage, [SomeClassName, SomeClassName]
else
can :read, :all
end
end
end
希望这能帮助您完成任务。
你可以通过这样的函数调用在你的角色中进行某种组合
class Ability
include CanCan::Ability
def initialize(user)
# Define abilities for the passed in user here. For example:
#
user ||= User.new # guest user (not logged in)
#users who are not signed in can create registration or login
# can read publicly available projects, programs and proposals
# {:active => true, :closed => false && :Project.sweep.disclosure.allusers => true}
# if user role is student
if user_signed_in?
if user.try(:profile).present? && user.profile.has_role?(:student)
student
else
authenticated
end
else
anonymous
end
end
def anonymous
can :read, Project, {:active => true, :closed => false, :sweep => { :disclosure => { :allusers => true } } }
end
def authenticated
anonymous
can :crud, Profile, :user_id => user.id #[for themselves]
end
def student
authenticated
#other student abilities
end
#other roles follow the same principal
def teacher
authenticated
end
end
authenticated函数将包含任何角色的通用能力,每个需要它的角色都会调用(这是一种继承,任何学生都可以做经过身份验证的用户可以加上他的能力)