我正在尝试使用declarative_authorization gem创建项目管理员和项目协作者角色。
我有一个名为“协作者”的表,它将用户保存到项目映射中。
型号:
项目
has_many :collaborators
has_many :users, :through => :collaborators
用户
has_many :collaborators
has_many :projects, :through => :collaborators
协作者
belongs_to :user
belongs_to :project
我需要一些关于为project_admin和project_collaborator角色定义dsl的指导。 我想出了以下内容:
authorization do
role :guest do
has_permission_on :users, :to => [:read]
end
role :project_admin do
has_permission_on :projects, :to => :manage do
if_attribute :project_admin => true
end
end
role :admin do
has_permission_on :users, :to => [:delete]
end
end
privileges do
privilege :manage do
includes :create, :read, :update, :delete
end
end
感谢任何建议/帮助 谢谢!
答案 0 :(得分:0)
我更喜欢这样的东西,以便每个用户都可以成为项目管理员:
项目
has_many :collaborators
has_many :users, :through => :collaborators
belongs_to :admin, :table_name => 'users' # Maybe has_many?
authorization_rules.rb
authorization do
role :guest do
has_permission_on :users, :to => [:read]
end
role :user do
has_permission_on :projects, :to => :create
has_permission_on :projects, :to => :manage do
if_attribute :admin => is { user }
end
has_permission_on :projects, :to => :read do
if_attribute :collaborators => contains { user }
end
has_permission_on :files, :to => :manage do
if_permitted_to :read, :project
end
end
end
privileges do
privilege :manage do
includes :create, :read, :update, :delete
end
privilege :read, :includes => [:index, :show]
privilege :create, :includes => :new
privilege :update, :includes => :edit
privilege :delete, :includes => :destroy
end