1

declarative_authorization and inherited_resources

I have the declarative_authorization and inherited_resources gems installed in my Rails 3 application. Let me show you some code from my application:

class Blog < ActiveRecord::Base 
    has_many :posts 
    has_many :memberships, :class_name => "BlogMembership" 

    has_many :subscribers, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::SUBSCRIBER} or blog_memberships.membership_type = #{BlogMembership::AUTHOR} or blog_memberships.membership_type = #{BlogMembership::MODERATOR}" 
    has_many :authors, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::AUTHOR} or blog_memberships.membership_type = #{BlogMembership::MODERATOR}" 
    has_many :moderators, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::MODERATOR}" 
end 


class Post < ActiveRecord::Base 
    belongs_to :blog, :counter_cache => true 
    belongs_to :author, :class_name => "User", :foreign_key => "user_id" 
end 


class BlogMembership < ActiveRecord::Base 
    belongs_to :user 
    belongs_to :blog 

    # Membership types: 
    SUBSCRIBER = 0 
    AUTHOR = 1 
    MODERATOR = 2 
end 

My authorization rules:

authorization do
    role :guest do
        description "Not logged in users and users not assigned to any group"

        ##### Blogs and Posts
        has_permission_on :blogs, :to => [ :read, :list ]

        has_permission_on :posts, :to => [ :read, :feed ]
        has_permission_on :posts, :to => :flag if User.current
    end

    role :admin do
        description "Administrators"
        has_omnipotence # Can manage all
    end

    role :moderator do
        description "Blog moderators"

        includes [ :guest, :blogger ]

        has_permission_on :posts, :to => :manage do
            if_attribute :blog => { :moderators => contains { user } }
        end
    end

    role :blogger do
        description "Blog authors"

        includes :guest
        has_permission_on :posts, :to => :create do
            if_attribute :blog => { :authors => contains { user } }
        end
        has_permission_on :posts, :to => :manage do
            if_attribute :author => is { user }
        end
    end
end

privileges do 
    # default privilege hierarchies to facilitate RESTful Rails apps 
    privilege :manage, :includes => [:create, :read, :update, :delete] 
    privilege :read, :includes => [:index, :show] 
    privilege :create, :includes => :new 
    privilege :update, :includes => :edit 
    privilege :delete, :includes => :destroy 
end 

In posts/index.html.haml I use

- if permitted_to? :create, :posts 
    .button.add-post 
    = link_to "New post", new_resource_path 

and in my posts_controller:

class PostsController < InheritedResources::Base 
    respond_to :html 

    belongs_to :blog 
    filter_access_to :all 
end 

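Looks good, but it doesn't work :(

The test user has the moderator role, with a moderator membership in one blog but no membership in the second blog.

With these rules and code, any user with the moderator role can create posts in any blog.

Could you please tell me what I need to change to allow only blog authors and moderators to post to their own blogs, but not to other blogs?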

Answer

2

Not the most elegant way, but I solved it with the following:

  1. In posts_controller, change the access filter:

    filter_resource_access :nested_in => :blogs

  2. Add a method to the Posts controller:

    protected

    def new_post_for_collection
      @post = Blog.find(params[:blog_id]).posts.new
    end

  3. Change index.html.haml:

    - if permitted_to? :create, @post
        .button.add-post
        = link_to "New post", new_resource_path
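
The gap between the question's check and the answer's check, as an added plain-Ruby example (not code from the post and not declarative_authorization itself). It assumes a context-only check such as `permitted_to? :create, :posts` tests roles but has no object to evaluate the `if_attribute` conditions against; `RULES`, `permitted?`, `new_post_for` and `demo` are constructed names.

```ruby
# Simplified model of the rules on this page. It is NOT the gem's
# implementation; every name below is constructed for illustration.
User = Struct.new(:name, :roles)
Blog = Struct.new(:title, :authors, :moderators)
Post = Struct.new(:blog, :author)

# Attribute conditions per role. :moderator includes :blogger, so a
# moderator also satisfies the blogger condition on the blog's authors.
RULES = {
  blogger:   ->(user, post) { post.blog.authors.include?(user) },
  moderator: ->(user, post) {
    post.blog.moderators.include?(user) || post.blog.authors.include?(user)
  },
}.freeze

# With no post, only role membership is tested (assumed behaviour of a
# context-only check). With a post, the attribute conditions are evaluated.
def permitted?(user, post = nil)
  rules = RULES.values_at(*user.roles).compact
  return rules.any? if post.nil?
  rules.any? { |cond| cond.call(user, post) }
end

# Mirrors step 2 of the answer: the candidate post is built from the
# parent blog, so the check knows which blog is being posted to.
def new_post_for(blog, user)
  Post.new(blog, user)
end

def demo
  tester = User.new("tester", [:moderator])   # constructed sample data
  own    = Blog.new("own blog", [], [tester])
  other  = Blog.new("other blog", [], [])
  {
    context_only: permitted?(tester),
    own_blog:     permitted?(tester, new_post_for(own, tester)),
    other_blog:   permitted?(tester, new_post_for(other, tester)),
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The context-only result is what let any moderator create posts in any blog; the object-level result for the second blog is the denial the question asks for.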