在我的应用程序中,我希望以这种方式在其中实现角色和权限,用户管理员可以在其浏览器中创建新角色。所以我需要权限表和角色表,其中每个角色都是权限的组合。现在我使用了CanCan gem,但是这个行为不是这个gem的默认行为,最后我得到了非常复杂的角色结构和检查权限。任何人都能告诉我宝石提供这种行为,或者我应该没有任何宝石吗?
答案 0 :(得分:1)
请参阅CanCan wiki中的Abilities in Database和Ability for Other Users:
class Ability
include CanCan::Ability
def initialize(user)
can do |action, subject_class, subject|
user.permissions.find_all_by_action(aliases_for_action(action)).any? do |permission|
permission.subject_class == subject_class.to_s &&
(subject.nil? || permission.subject_id.nil? || permission.subject_id == subject.id)
end
end
end
end
EDIT
一些负载优化:
class Ability
include CanCan::Ability
def initialize(user, context = nil)
if context.nil?
can do |action, subject_class, subject|
user.permissions.find_all_by_action(aliases_for_action(action)).any? do |permission|
permission.subject_class == subject_class.to_s &&
(subject.nil? || permission.subject_id.nil? || permission.subject_id == subject.id)
end
elsif context == :post
can :manage, Post, :id => y
elsif context == :users
can :manage, User, :id => x
end
...
在控制器中:
class UsersController
protected
def current_ability
Ability.new(current_user, :users)
class PostsController
protected
def current_ability
Ability.new(current_user, :posts)