Rails 4 + Pundit : 加入模型授权 has_many :through association
Rails 4 + Pundit : join model authorization in has_many :through association
在我的 Rails 应用程序中,有 3 个模型,由 has_many :through 关联定义:
class User < ActiveRecord::Base
has_many :administrations
has_many :calendars, through: :administrations
end
class Calendar < ActiveRecord::Base
has_many :administrations
has_many :users, through: :administrations
end
class Administration < ActiveRecord::Base
belongs_to :user
belongs_to :calendar
end
加入 Administration 模型有一个 role 属性,我们用它来定义给定 user 给定 [=18] 的角色——所有者、编辑者或查看者=].
事实上,在应用程序中,用户可以是日历的所有者,例如另一个日历的查看者。
我使用 Devise 实现了身份验证。
我也开始使用 Pundit 实现授权:授权目前正在为 calendars 工作,其中 users 可以根据他们的 roles.
执行不同的操作
更新:这里是当前的 CalendarPolicy:
class CalendarPolicy < ApplicationPolicy
attr_reader :user, :calendar
def initialize(user, calendar)
@user = user
@calendar = calendar
end
def index?
user.owner?(calendar) || user.editor?(calendar) || user.viewer?(calendar)
end
def create?
true
end
def show?
user.owner?(calendar) || user.editor?(calendar) || user.viewer?(calendar)
end
def update?
user.owner?(calendar) || user.editor?(calendar)
end
def edit?
user.owner?(calendar) || user.editor?(calendar)
end
def destroy?
user.owner?(calendar)
end
end
现在,我想为 Administration 模型实施一个 Pundit 策略,如下所示:
- 如果用户是日历的所有者,则他可以执行
Index、Show、Create、New、Edit、Update 和 Destroy 对该日历的主管部门的操作。
- 但是,如果用户是日历的编辑者或查看者,那么他只能做两件事:1. 执行
Index 操作以查看日历的所有用户和 2. 执行 Destroy 对 "leave the calendar". 的管理采取行动
我的问题如下:
- 如上所述,管理实例仅作为
user 和 calendar 之间的连接存在。
- 因此,要对管理实例执行操作,我需要三个上下文:
administration_id、user_id 和 calendar_id.
- 但是,Pundit 只接受政策中的两个上下文,通常是
user 和实际的 record(此处为管理)。
在 Pundit 的 GitHub 页面上,在 Additional context 部分,我们可以阅读以下内容:
Additional context
Pundit strongly encourages you to model your application in such a way
that the only context you need for authorization is a user object and
a domain model that you want to check authorization for. If you find
yourself needing more context than that, consider whether you are
authorizing the right domain model, maybe another domain model (or a
wrapper around multiple domain models) can provide the context you
need.
Pundit does not allow you to pass additional arguments to policies for
precisely this reason.
However, in very rare cases, you might need to authorize based on more
context than just the currently authenticated user. Suppose for
example that authorization is dependent on IP address in addition to
the authenticated user. In that case, one option is to create a
special class which wraps up both user and IP and passes it to the
policy.
has_many :through 关联是否构成上述 "very rare cases" 之一,或者是否有更简单的方法来为我的 Administration 加入模型实施授权?
是的,这是极少数情况之一。
# calendar controller show
@calendar = something
@administration = @calendar.administration_of_current_user
authorize CalendarAdministrationContext
# pundit CalendarAdministrationContext
def initialize(user, administration, calendar)
@user = user
@administration = administration
@calendar = calendar
end
我认为这不是特例。
在您提供的 link 中明确说明的违反良好做法的原因是什么?
您可以在 CalendarController 中添加 add_viewer、add_editor、remove_viewer、remove_editor 操作。
前两个可以用你的旧CalendarPolicy授权。
class CalendarPolicy
# old staff here
def add_viewer?
user.is_owner?(calendar)
end
def add_editor?
user.is_owner?(calendar)
end
end
虽然您需要 AdministrationPolicy 来进行删除操作(我错了,说日历政策是enogh):
class AdministrationPolicy
attr_reader :user, :authorization
def remove_viwer?
authorization.viewer? and authorization.user == user
end
def remove_editor?
authorization.editor? and authorization.user == user
end
end
在我的 Rails 应用程序中,有 3 个模型,由 has_many :through 关联定义:
class User < ActiveRecord::Base
has_many :administrations
has_many :calendars, through: :administrations
end
class Calendar < ActiveRecord::Base
has_many :administrations
has_many :users, through: :administrations
end
class Administration < ActiveRecord::Base
belongs_to :user
belongs_to :calendar
end
加入 Administration 模型有一个 role 属性,我们用它来定义给定 user 给定 [=18] 的角色——所有者、编辑者或查看者=].
事实上,在应用程序中,用户可以是日历的所有者,例如另一个日历的查看者。
我使用 Devise 实现了身份验证。
我也开始使用 Pundit 实现授权:授权目前正在为 calendars 工作,其中 users 可以根据他们的 roles.
更新:这里是当前的 CalendarPolicy:
class CalendarPolicy < ApplicationPolicy
attr_reader :user, :calendar
def initialize(user, calendar)
@user = user
@calendar = calendar
end
def index?
user.owner?(calendar) || user.editor?(calendar) || user.viewer?(calendar)
end
def create?
true
end
def show?
user.owner?(calendar) || user.editor?(calendar) || user.viewer?(calendar)
end
def update?
user.owner?(calendar) || user.editor?(calendar)
end
def edit?
user.owner?(calendar) || user.editor?(calendar)
end
def destroy?
user.owner?(calendar)
end
end
现在,我想为 Administration 模型实施一个 Pundit 策略,如下所示:
- 如果用户是日历的所有者,则他可以执行
Index、Show、Create、New、Edit、Update和Destroy对该日历的主管部门的操作。 - 但是,如果用户是日历的编辑者或查看者,那么他只能做两件事:1. 执行
Index操作以查看日历的所有用户和 2. 执行Destroy对 "leave the calendar". 的管理采取行动
我的问题如下:
- 如上所述,管理实例仅作为
user和calendar之间的连接存在。 - 因此,要对管理实例执行操作,我需要三个上下文:
administration_id、user_id和calendar_id. - 但是,Pundit 只接受政策中的两个上下文,通常是
user和实际的record(此处为管理)。
在 Pundit 的 GitHub 页面上,在 Additional context 部分,我们可以阅读以下内容:
Additional context
Pundit strongly encourages you to model your application in such a way that the only context you need for authorization is a user object and a domain model that you want to check authorization for. If you find yourself needing more context than that, consider whether you are authorizing the right domain model, maybe another domain model (or a wrapper around multiple domain models) can provide the context you need.
Pundit does not allow you to pass additional arguments to policies for precisely this reason.
However, in very rare cases, you might need to authorize based on more context than just the currently authenticated user. Suppose for example that authorization is dependent on IP address in addition to the authenticated user. In that case, one option is to create a special class which wraps up both user and IP and passes it to the policy.
has_many :through 关联是否构成上述 "very rare cases" 之一,或者是否有更简单的方法来为我的 Administration 加入模型实施授权?
是的,这是极少数情况之一。
# calendar controller show
@calendar = something
@administration = @calendar.administration_of_current_user
authorize CalendarAdministrationContext
# pundit CalendarAdministrationContext
def initialize(user, administration, calendar)
@user = user
@administration = administration
@calendar = calendar
end
我认为这不是特例。 在您提供的 link 中明确说明的违反良好做法的原因是什么?
您可以在 CalendarController 中添加 add_viewer、add_editor、remove_viewer、remove_editor 操作。
前两个可以用你的旧CalendarPolicy授权。
class CalendarPolicy
# old staff here
def add_viewer?
user.is_owner?(calendar)
end
def add_editor?
user.is_owner?(calendar)
end
end
虽然您需要 AdministrationPolicy 来进行删除操作(我错了,说日历政策是enogh):
class AdministrationPolicy
attr_reader :user, :authorization
def remove_viwer?
authorization.viewer? and authorization.user == user
end
def remove_editor?
authorization.editor? and authorization.user == user
end
end