1. 首页
  2. 问答
  3. 基于最佳能力的授权

基于最佳能力的授权

2013-05-14 24 views
0

我有一个Rails 3应用程序,我使用CanCan进行授权,但我在寻找更适合我需求的东西。我的授权不是基于角色的,而是更加情景化的。基于最佳能力的授权

该应用程序用于管理大学/宿舍的日常晚餐俱乐部,在那里人们轮流为其余的晚餐做饭。因此,厨师对他负责的晚餐俱乐部拥有更多权限(如更改菜单),并且参与者拥有更多权限(如添加客人),而不是参与该单一晚餐俱乐部的人。

因此,我需要的是一些依赖于用户和晚餐俱乐部或厨房(厨房里有很多晚餐俱乐部)之间关系的授权系统,而不是用户角色。

如果有帮助,是我目前的康康舞能力在这里(当你看到他们是非常复杂的)

# In ability.rb 

def initialize(user) 
    # edit (like changing time or menu) for a dinner club 
    can :edit, DinnerClub do |dinner_club| 
    dinner_club.is_chef?(user) && 
    !dinner_club.canceled? 
    end 

    # open or close a dinner club 
    can [:open, :close], DinnerClub do |dinner_club| 
    !dinner_club.passed? && 
    dinner_club.is_chef?(user) 
    end 

    # cancel or resume a dinner club 
    can [:cancel, :resume], DinnerClub do |dinner_club| 
    !dinner_club.passed? && 
    dinner_club.is_chef?(user) 
    end 

    # register or unregister for at specific dinner club 
    can [:register, :unregister], DinnerClub do |dinner_club| 
    dinner_club.open? && 
    (dinner_club.kitchen_id == user.kitchen_id || dinner_club.kitchen.open_registrations?) && 
    !dinner_club.is_chef?(user) 
    end 

    # add guests to a dinner club 
    can [:add_guests], DinnerClub do |dinner_club| 
    dinner_club.open? && 
    (dinner_club.kitchen_id == user.kitchen_id || dinner_club.kitchen.open_registrations?) && 
    dinner_club.registered?(user) 
    end 

    # take the dinner club from another use if the dinner club is canceled 
    can [:take], DinnerClub do |dinner_club| 
    dinner_club.canceled? && 
    (dinner_club.kitchen_id == user.kitchen_id || dinner_club.kitchen.open_registrations?) && 
    !dinner_club.passed? && 
    !dinner_club.is_chef?(user) 
    end 

    # create a new dinner club 
    can [:create], DinnerClub do |dinner_club| 
    (dinner_club.kitchen_id == user.kitchen_id || dinner_club.kitchen.open_registrations?) 
    end 

    # comment on existing dinner clubs 
    can [:comment], DinnerClub do |dinner_club| 
    dinner_club.registered?(user) 
    end 

    # can see dinner clubs for this kitchen 
    can :read, Kitchen do |kitchen| 
    (kitchen.id == user.kitchen_id || kitchen.open_registrations?) 
    end 

    # can manage the kitchen, like changing name and configuration options 
    can :manage, Kitchen, admin_id: user.id 
end

来源

2013-05-14 jokklan

回答

1

您可以重写大部分在惨惨这些块,使他们少了很多复杂。

can :edit, DinnerClub, cancelled: false, chef_id: user.id 

# open or close a dinner club 
can [:open, :close], DinnerClub, passed: false, chef_id: user.id 

# take the dinner club from another use if the dinner club is canceled 
can [:take], DinnerClub, cancelled: true, kitchen_id: user.kitched_id, passed: false 
can [:take], DinnerClub, cancelled: true, kitchen: { open_registrations: true }, passed: false 
cannnot [:take], DinnerClub, chef_id: user.id

这是假设的cancelled?passed?方法从在DinnerClub模型布尔属性推导并且该is_chef?方法检查一个chef_id。但它说明了这个想法。

CanCan主要用于定义基于资源的能力,所以我会这样做。

来源

2013-05-14 15:35:33 Arjan

+0

谢谢你的帮助!那些并非真正授权导向的东西,比如实施,如果开放的话只能关闭一家晚餐俱乐部,反之亦然,我还应该用康康来做这件事,还是您有更好的建议? – jokklan 2013-05-14 16:01:33

+0

我现在已经改写了很多我的能力逻辑,看起来好多了。不过,我仍然觉得CanCan不是我的授权类型的最佳选择...... – jokklan 2013-05-14 16:27:27

+0

你很可能想为此使用状态机。查看https://github.com/pluginaweek/state_machine。我相信Ryan Bates也有一个关于此的railscast,你也可以看看。 – Arjan 2013-05-14 16:32:19

相关问题

 相关问题