Rails declarative_authorization project_admin角色

Question

我正在尝试使用declarative_authorization gem创建项目管理员和项目协作者角色。

我有一个名为'合作者'的表，它将用户保存到项目映射中。

型号：

项目

has_many :collaborators 
has_many :users, :through => :collaborators 

用户

has_many :collaborators 
has_many :projects, :through => :collaborators 

合作者

belongs_to :user 
belongs_to :project 

我需要定义project_admin和project_c的DSL一些指导作者角色。 我想出了以下内容：

authorization do 
    role :guest do 
    has_permission_on :users, :to => [:read] 
    end 

    role :project_admin do 
    has_permission_on :projects, :to => :manage do 
     if_attribute :project_admin => true 
    end 
    end 

    role :admin do 
    has_permission_on :users, :to => [:delete] 
    end 
end 

privileges do 
    privilege :manage do 
    includes :create, :read, :update, :delete 
    end 
end 

欣赏任何建议/帮助。
谢谢！

Answer 1

我宁愿这样的事情让每一个用户可以成为一个项目管理：

项目

has_many :collaborators 
has_many :users, :through => :collaborators 
belongs_to :admin, :table_name => 'users' # Maybe has_many? 

authorization_rules.rb

authorization do 
    role :guest do 
    has_permission_on :users, :to => [:read] 
    end 

    role :user do 
    has_permission_on :projects, :to => :create 
    has_permission_on :projects, :to => :manage do 
     if_attribute :admin => is { user } 
    end 
    has_permission_on :projects, :to => :read do 
     if_attribute :collaborators => contains { user } 
    end 
    has_permission_on :files, :to => :manage do 
     if_permitted_to :read, :project 
    end 
    end 
end 

privileges do 
    privilege :manage do 
    includes :create, :read, :update, :delete 
    end 
    privilege :read, :includes => [:index, :show] 
    privilege :create, :includes => :new 
    privilege :update, :includes => :edit 
    privilege :delete, :includes => :destroy 
end