使用rails的delcarative_authorization gem,是否有允许角色访问所有控制器操作的快捷方式?
privileges do
# default privilege hierarchies to facilitate RESTful Rails apps
privilege :manage, :includes => [:create, :read, :update, :delete]
end
是不够的,因为我的控制器中的控制方法比仅仅CRUD更多。
类似的东西:
role :foo do
has_permission_on :bar, :to =>[:all]
end
会很完美,但我没有在文档中找到它。
答案 0 :(得分:0)
我认为不存在一种简单的方法。 This thread讨论了一种可能的方法:检查“主”角色并完全绕过过滤。
答案 1 :(得分:0)
我使用这样的东西:
privileges do
# default privilege hierarchies to facilitate RESTful Rails apps
privilege :manage, :includes => [:create, :read, :update, :delete]
method_names = Bar.action_methods.to_a
meths = method_names - %w{create read update delete}
privilege :all_others, :includes => meths.map{|m| m.to_sym}
end
role :foo do
has_permission_on :bar, :to =>[:manage,:all_others]
end
虽然类似于:
privileges do
# default privilege hierarchies to facilitate RESTful Rails apps
privilege :manage, :includes => [:create, :read, :update, :delete]
privilege :all, :includes => Bar.action_methods
end
role :foo do
has_permission_on :bar, :to =>[:all]
end
可能更适合您的要求