User-managed access to a Rails application

Time: 2017-09-21 15:39:26

Tags: ruby-on-rails authorization access user-permissions

I'm trying to find a gem that handles user-managed access for a Rails application. There are many role-based gems, but they don't meet the need. The best example of what I have in mind is this:

I have a model that contains a list of Actions available for different methods (i.e. RECORD_CREATE and RECORD_UPDATE). I want to allow a user to perform these actions or block a user from performing them. Further, I want to create group permissions the same way, but still be able to add additional permissions to a user without creating a different specific group. All of this I want to be able to control from within the application, not from a ruby file in lib. Is there such an animal? I've been searching to no avail. If not, does anyone want to help me make one?

2 answers:

Answer 0: (score: 0)

I found a very interesting gem called Strongbolt, which is based on the Grant gem for record-based authorization. Still figuring out the intricacies, but it seems to be a very robust option.

Answer 1: (score: 0)

In case anyone is interested, here is a home-grown solution...

lib/permissions.rb

module Permissions
  # Every activity granted to this record, either directly through its own
  # permissions rows or indirectly through the groups it belongs to.
  # Expects the including model to define has_many :activities (through
  # :permissions) and, for users, has_many :groups (through :group_memberships).
  def all_permissions
    @all_permissions ||= self.activities + Activity.joins(:permissions).where(permissions: { group: self.groups })
  end

  # Replace the direct permissions with the activity ids submitted from the form.
  # `permissions` is a hash of form index => activity id. `each` is used rather
  # than `collect`: the return value is not needed, and ActionController::Parameters
  # in newer Rails versions does not respond to `collect`.
  def update_permissions(permissions)
    return if permissions.nil?
    self.permissions.destroy_all
    @all_permissions = nil # drop the memoized list so the change is visible immediately
    permissions.each do |_key, activity_id|
      self.permissions.create!(activity_id: activity_id)
    end
  end

  # An unknown code resolves to nil, which is never in the list, so it is denied.
  def authorized?(activity_code)
    self.all_permissions.include?(Activity.find_by(code: activity_code))
  end
end

lib/groups.rb

module Groups
  # Replace the user's group memberships with the group ids submitted from the
  # form (`groups` is a hash of form index => group id). Ids that no longer
  # match a group are skipped instead of raising.
  def update_groups(groups)
    return if groups.nil?
    self.group_memberships.destroy_all
    groups.each do |_key, value|
      group = Group.find_by(id: value)
      self.groups << group if group
    end
  end
end

app/models/user.rb

# The user also needs the matching associations: has_many :permissions, has_many :activities
# (through: :permissions), has_many :group_memberships and has_many :groups (through: :group_memberships).
include Permissions
include Groups

Using the code...

rails g scaffold group name description
rails g model group_membership group:belongs_to user:belongs_to
rails g model activity name code description
rails g model permission group:belongs_to user:belongs_to activity:belongs_to

app/models/activity.rb

default_scope -> { order(:name) }
has_many :permissions
has_many :users, through: :permissions
validates :name, presence: true
# `code` is the short identifier looked up by authorized?, so it must be unique.
validates :code, presence: true, uniqueness: true

app/models/group.rb

# Permissions is included for update_permissions; all_permissions is not usable on a
# Group, because a group has no `groups` association of its own.
include Permissions
has_many :permissions
has_many :activities, through: :permissions
has_many :group_memberships
has_many :users, through: :group_memberships
validates :name, uniqueness: true

app/controllers/users_controller.rb (create and update)

# Inside the create and update actions, after the user record has been saved.
@user.update_permissions(params[:user][:permissions]) if params[:user][:permissions].present?
@user.update_groups(params[:user][:groups]) if params[:user][:groups].present?

app/helpers/sessions_helper.rb

def current_user
  @current_user ||= User.find_by(id: session[:user_id])
end

# Deny when nobody is logged in, instead of raising NoMethodError on nil.
def authorized?(activity)
  current_user.present? && current_user.authorized?(activity)
end

# Best used from a before_action (e.g. before_action -> { authorize('USER_EDIT') })
# so the redirect halts the request; called inside an action body, redirect_to
# does not stop the rest of the action from running.
def authorize(activity)
  unless authorized?(activity)
    redirect_to root_path, flash: { warning: 'You do not have permission to access this area.' }
  end
end

The syntax for checking a user's permissions is then

if authorized?('PERMISSION_SHORT_CODE')

or...

authorize('PERMISSION_SHORT_CODE')

or any variation thereof. "PERMISSION_SHORT_CODE" is whatever unique identifier is used to look up the relevant activity. As I add features to the site, I add the activities myself through the Rails console, and then I can restrict that feature as needed: "USER_ADD", "USER_DESTROY", "USER_EDIT", etc. Here is the snippet I use to show and edit permissions under users#edit.

app/helpers/users_helper.rb

def permissions_list(object, method, instance, options = {})
  capture do
    options.collect.with_index do |c, index|
      activity = Activity.find(c[1])
      # Field names user[permissions]0, user[permissions]1, ... are parsed by Rack into
      # params[:user][:permissions] = { "0" => id, ... }, which update_permissions expects.
      field = "#{object}[#{method}]#{index}"
      if instance.groups.any? { |g| g.activities.include?(activity) }
        # Granted through a group: shown checked and disabled, so it cannot be revoked per user.
        concat check_box_tag(field, c[1], true, disabled: true)
      else
        concat check_box_tag(field, c[1], instance.activities.include?(activity))
      end
      concat content_tag(:label, c[0].titleize) + tag(:br)
    end
  end
end

app/views/users/_form.html.erb

<div class="listbox">
  <%= permissions_list(:user, :permissions, @user, Activity.all.order(:name).collect {|c| [c.name, c.id]}) %>
</div>

app/assets/stylesheets/application.css(.scss)

.listbox {
  overflow: hidden;
  overflow-y: scroll;
  margin: 10px;
  height: 250px;
  width: 300px;
  border: 1px solid;
  padding: 0 10px 0 10px;
}

I hope this helps someone and/or someone can review it and find a better way. Thanks for all the help, everyone!
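As an added illustration that is not part of the answer: the same resolution rules written in plain Ruby, so they can be exercised without Rails. Activity, Group and User here are hand-rolled stand-ins for the ActiveRecord models; the sample catalog and users are constructed, and the checks cover deny-by-default for an unknown code, a missing session, and the group-over-user precedence the form relies on.

```ruby
# Added example (not code from the answer): a plain-Ruby model of the
# answer's permission resolution, so the rules can be exercised without
# Rails. Activity, Group and User are hand-rolled stand-ins for the models.
Activity = Struct.new(:code, :name)
Group = Struct.new(:name, :activities)

class User
  attr_reader :activities, :groups
  def initialize(activities: [], groups: [])
    @activities = activities
    @groups = groups
  end

  # Same rule as Permissions#all_permissions: direct grants plus every grant
  # inherited through group membership. Not memoized, so a revoked grant is
  # denied on the very next call.
  def all_permissions
    (activities + groups.flat_map(&:activities)).uniq
  end

  # Same rule as Permissions#authorized?: resolve the code, then test
  # membership. An unknown code resolves to nil and is therefore denied.
  def authorized?(code, catalog)
    activity = catalog.find { |a| a.code == code }
    !activity.nil? && all_permissions.include?(activity)
  end

  # How permissions_list decides whether a checkbox is disabled: a group
  # grant takes precedence over, and cannot be revoked by, the per-user box.
  def granted_via(activity)
    return :group if groups.any? { |g| g.activities.include?(activity) }
    return :direct if activities.include?(activity)
    nil
  end
end

# Same role as SessionsHelper#authorized?: no session means deny, not raise.
def session_authorized?(current_user, code, catalog)
  !current_user.nil? && current_user.authorized?(code, catalog)
end

# Constructed sample data using the activity codes named in the answer.
CATALOG = %w[USER_ADD USER_EDIT USER_DESTROY].map { |c| Activity.new(c, c.downcase.tr('_', ' ')) }
ADMINS = Group.new('admins', CATALOG.first(2))
ALICE = User.new(activities: [CATALOG[2]], groups: [ADMINS])
BOB = User.new
```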