我有两个基础控制器类,一个用于 JSON 资源 API,另一个是应用程序控制器 API 类。我必须添加一个适用于这两个基类的 before_action 权限检查。
我不想重复 before_action 的代码,所以想把它放在一个公共的位置。我查看了两者的祖先链,但没有看到它们之间有任何 Rails 默认的公共类。
有什么建议吗?我还希望在该上下文中可以访问当前用户(current_user)。解决这个问题的好方法是什么?
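# Base class for the JSON:API resource controllers.
#
# Registers +check_permissions+ as a +before_action+, so it runs before every
# action of this controller and of its subclasses. The same callback is
# duplicated in ApplicationController, which has a different superclass.
class BaseResourceController < JSONAPI::ResourceController
  before_action :check_permissions

  private

  # Callback run before each action. Kept private: public controller methods
  # are treated by Rails as actions, and a callback should never be reachable
  # through a route.
  #
  # NOTE(review): as written this only reads +current_user.permissions+ and
  # discards the result. A before_action stops the request only when it
  # renders, redirects or raises, so a real check has to respond (e.g. 403)
  # when the permission is missing.
  # NOTE(review): +current_user+ is presumably the Devise helper; if it can be
  # nil here (no authentication callback ran first), this line raises
  # NoMethodError instead of returning 401 -- confirm the callback order.
  def check_permissions
    current_user.permissions
  end
end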
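# Base class for the plain API controllers.
#
# Registers +check_permissions+ as a +before_action+, so it runs before every
# action of this controller and of its subclasses. The same callback is
# duplicated in BaseResourceController, which has a different superclass.
class ApplicationController < ActionController::API
  before_action :check_permissions

  private

  # Callback run before each action. Kept private: public controller methods
  # are treated by Rails as actions, and a callback should never be reachable
  # through a route.
  #
  # NOTE(review): as written this only reads +current_user.permissions+ and
  # discards the result. A before_action stops the request only when it
  # renders, redirects or raises, so a real check has to respond (e.g. 403)
  # when the permission is missing.
  # NOTE(review): +current_user+ is presumably the Devise helper; if it can be
  # nil here (no authentication callback ran first), this line raises
  # NoMethodError instead of returning 401 -- confirm the callback order.
  def check_permissions
    current_user.permissions
  end
end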
ActionController::API.ancestors =>
[ActionController::API, Devise::Controllers::UrlHelpers, Devise::Controllers::Helpers, Devise::Controllers::StoreLocation, Devise::Controllers::SignInOut, ActiveRecord::Railties::ControllerRuntime, ActionDispatch::Routing::RouteSet::MountedHelpers, ActionController::RespondWith, ActionController::ParamsWrapper, ActionController::Instrumentation, ActionController::Rescue, ActionController::DataStreaming, ActionController::ForceSSL, AbstractController::Callbacks, ActiveSupport::Callbacks, ActionController::StrongParameters, ActiveSupport::Rescuable, ActionController::BasicImplicitRender, ActionController::ConditionalGet, ActionController::Head, ActionController::Renderers::All, ActionController::Renderers, ActionController::Rendering, ActionController::ApiRendering, ActionController::Redirecting, ActiveSupport::Benchmarkable, AbstractController::Logger, ActionController::UrlFor, AbstractController::UrlFor, ActionDispatch::Routing::UrlFor, ActionDispatch::Routing::PolymorphicRoutes, AbstractController::Rendering, ActionView::ViewPaths, ActionController::Metal, AbstractController::Base, ActiveSupport::Configurable, ActiveSupport::ToJsonWithActiveSupportEncoder, Object, PP::ObjectMixin, ActiveSupport::Dependencies::Loadable, JSON::Ext::Generator::GeneratorMethods::Object, ActiveSupport::Tryable, Kernel, BasicObject]
JSONAPI::ResourceController.ancestors =>
[JSONAPI::ResourceController, JSONAPI::Callbacks, JSONAPI::ActsAsResourceController, ActionController::Base, Devise::Controllers::UrlHelpers, Devise::Controllers::Helpers, Devise::Controllers::StoreLocation, Devise::Controllers::SignInOut, ActiveRecord::Railties::ControllerRuntime, ActionDispatch::Routing::RouteSet::MountedHelpers, ActionController::RespondWith, ActionController::ParamsWrapper, ActionController::Instrumentation, ActionController::Rescue, ActionController::HttpAuthentication::Token::ControllerMethods, ActionController::HttpAuthentication::Digest::ControllerMethods, ActionController::HttpAuthentication::Basic::ControllerMethods, ActionController::DataStreaming, ActionController::Streaming, ActionController::ForceSSL, ActionController::RequestForgeryProtection, AbstractController::Callbacks, ActiveSupport::Callbacks, ActionController::FormBuilder, ActionController::Flash, ActionController::Cookies, ActionController::ParameterEncoding, ActionController::StrongParameters, ActiveSupport::Rescuable, ActionController::ImplicitRender, ActionController::BasicImplicitRender, ActionController::MimeResponds, AbstractController::Caching, AbstractController::Caching::ConfigMethods, AbstractController::Caching::Fragments, ActionController::Caching, ActionController::EtagWithFlash, ActionController::EtagWithTemplateDigest, ActionController::ConditionalGet, ActionController::Head, ActionController::Renderers::All, ActionController::Renderers, ActionController::Rendering, ActionView::Layouts, ActionView::Rendering, ActionController::Redirecting, ActiveSupport::Benchmarkable, AbstractController::Logger, ActionController::UrlFor, AbstractController::UrlFor, ActionDispatch::Routing::UrlFor, ActionDispatch::Routing::PolymorphicRoutes, ActionController::Helpers, AbstractController::Helpers, AbstractController::AssetPaths, AbstractController::Translation, AbstractController::Rendering, ActionView::ViewPaths, ActionController::Metal, AbstractController::Base, ActiveSupport::Configurable, ActiveSupport::ToJsonWithActiveSupportEncoder, Object, PP::ObjectMixin, ActiveSupport::Dependencies::Loadable, JSON::Ext::Generator::GeneratorMethods::Object, ActiveSupport::Tryable, Kernel, BasicObject]
答案 0 :(得分:1)
一种选择是将权限检查逻辑封装到一个模块(concern)中,并在相应的控制器中包含该模块。这样权限检查的实现就只存在于单个文件中:
# app/controllers/concerns/permission_check.rb
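# Shared permission gate for controllers that do not have a common
# application-level superclass.
#
# Including this concern registers +check_permissions+ as a +before_action+
# on the including controller, so the check is defined in one file and runs
# before every action of that controller and its subclasses.
module PermissionCheck
  extend ActiveSupport::Concern

  included do
    before_action :check_permissions
  end

  private

  # Callback run before each action of the including controller. Kept private
  # so the mixed-in method does not become a public controller method, which
  # Rails would treat as an action.
  #
  # NOTE(review): as written this only reads +current_user.permissions+ and
  # discards the result. A before_action stops the request only when it
  # renders, redirects or raises, so a real check has to respond (e.g. 403)
  # when the permission is missing.
  # NOTE(review): +current_user+ must be provided by the including controller
  # (presumably the Devise helper); if it can be nil here, this line raises
  # NoMethodError instead of returning 401 -- confirm that authentication
  # runs before this callback.
  def check_permissions
    current_user.permissions
  end
end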
现在在任何需要的控制器中包含(include)该模块即可。
# JSON:API base controller. Mixing in PermissionCheck registers its
# before_action here, so every subclass inherits the permission callback.
#
# NOTE(review): coverage is opt-in per base class -- a controller that
# inherits from neither this class nor another one including PermissionCheck
# runs without the check, and a subclass can opt out with
# skip_before_action. Both are worth auditing.
class BaseResourceController < JSONAPI::ResourceController
  include PermissionCheck
end
# Plain API base controller. Mixing in PermissionCheck registers its
# before_action here, so every subclass inherits the permission callback.
#
# NOTE(review): coverage is opt-in per base class -- a controller that
# inherits from neither this class nor another one including PermissionCheck
# runs without the check, and a subclass can opt out with
# skip_before_action. Both are worth auditing.
class ApplicationController < ActionController::API
  include PermissionCheck
end