使用cancancan的同一用户的不同规则

时间:2018-01-30 13:28:11

标签: ruby-on-rails authorization cancancan

我刚刚开始使用rails,我在这里遇到了一个可怕的疑问,我正在开发中,并且我已经达到了这样的程度,即我看到我创建的规则不会再出现了。 我正在使用cancancan。

假设我打算开发模块,以促进交付和开发。目前只有其中一个模块可用,已定义的规则对于此模块工作正常,但是当我提供另一个模块时,它们对同一用户的规则不同。

enum kind: {
        User: 1,
        Editor:2,
        Admin: 3       
    }
    enum charge: {
        Auxiliary: 1,
        Analyst: 2,
        Coordinator: 3
    }
    enum print: {
        No: 0,
        Yes 1
    }

这些是今天可用的选项,这是针对与文档模型相关的用户模型。 但是,当我创建一个模型测试,规则与文档完全不同时,我是否必须复制用户规则才能够定义? 

enum kind_test: {
        User: 1,
        Editor:2,
        Admin: 3
    }
    enum charge_test: {
        Auxiliary: 1,
        Analyst: 2,
        Coordinator: 3
    }
    enum print_test: {
        No: 0,
        Yes 1
    }

当我创建另一个模块时,我是否必须再次复制?我在用户中的规则将始终是这些类型,收费和打印,不同模型的能力有哪些变化。

我的能力

if user.kind == 'Admin'
    can: manage,: all
end
if user.kind == 'User'
    if user.print == 'Yes'
        can: view, Pop
        if user.charge == 'Auxiliary'
            can [: index_pdf,: show,: read,: view,: index], Pop, status: 0, charge: 1
        end
        if user.charge == 'Analyst'
            can [: index_pdf,: show,: read,: view,: index], Pop, status: 0, charge: 1
            can [: index_pdf,: show,: read,: view,: index], Pop, status: 0, charge: 2
        end
        if user.charge == 'Coordinator'
            can [: index_pdf,: show,: read,: view,: index], Pop, status: 0, charge: 1
            can [: index_pdf,: show,: read,: view,: index], Pop, status: 0, charge: 2
            can [: index_pdf,: show,: read,: view,: index], Pop, status: 0, charge: 3
        end
    else
        can: view, Pop
        if user.charge == 'Auxiliary'
            can [: show,: read,: view,: index], Pop, status: 0, charge: 1
        end
        if user.charge == 'Analyst'
            can [: show,: read,: view,: index], Pop, status: 0, charge: 1
            can [: show,: read,: view,: index], Pop, status: 0, charge: 2
        end
        if user.charge == 'Coordinator'
            can [: show,: read,: view,: index], Pop, status: 0, charge: 1
            can [: show,: read,: view,: index], Pop, status: 0, charge: 2
            can [: show,: read,: view,: index], Pop, status: 0, charge: 3
        end
    end
end
if user.kind == 'Editor'
    can: view, Pop
    if user.charge == 'Auxiliary'
        can [: index_pdf,: show,: read,: view,: index,: edit], Pop, status: 0, charge: 1
    end
    if user.charge == 'Analyst'
        can [: index_pdf,: show,: read,: view,: index,: edit], Pop, status: 0, charge: 1
        can [: index_pdf,: show,: read,: view,: index,: edit], Pop, status: 0, charge: 2
    end
    if user.charge == 'Coordinator'
        can [: index_pdf,: show,: read,: view,: index,: edit], Pop, status: 0, charge: 1
        can [: index_pdf,: show,: read,: view,: index,: edit], Pop, status: 0, charge: 2
        can [: index_pdf,: show,: read,: view,: index,: edit], Pop, status: 0, charge: 3
    end
end

1 个答案:

答案 0 :(得分:0)

这个怎么样:

  if user.kind == 'Admin'
    can: manage,: all
    return
  end

  pop_permissions = pop_permissions_to_apply

  can :view, Pop
  can(pop_permissions, Pop, status: 0, charge: 1)
  if user.charge == 'Analyst' || user.charge == 'Coordinator'
    can(pop_permissions, Pop, status: 0, charge: 2)
  end
  if user.charge == 'Coordinator'
    can(pop_permissions, Pop, status: 0, charge: 3)
  end

#####
def pop_permissions_to_apply 
  permissions = [:show, :read, :view, :index]
  user_that_can_print = user.kind == 'User' && user.print == 'Yes'
  if user_that_can_print || user.kind == 'Editor'
    permissions.push :index_pdf
  end
  if user.kind == 'Editor'
    permissions.push :edit
  end
  permissions
end
相关问题
最新问题