0

我正在尝试使用declarative_authorization gem 创建项目管理员和项目协作者角色。

我有一个名为“合作者”的表,它将用户保存到项目映射中。

楷模:

项目 

has_many :collaborators  
has_many :users, :through => :collaborators

用户

has_many :collaborators
has_many :projects, :through => :collaborators

合作者

belongs_to :user
belongs_to :project

我需要一些关于为 project_admin 和 project_collaborator 角色定义 dsl 的指导。我想出了以下几点:

authorization do
  role :guest do
    has_permission_on :users, :to => [:read]
  end

  role :project_admin do
    has_permission_on :projects, :to => :manage do
      if_attribute :project_admin => true
    end
  end

  role :admin do
    has_permission_on :users, :to => [:delete]
  end
end

privileges do
  privilege :manage do
    includes :create, :read, :update, :delete
  end
end

感谢任何建议/帮助。
谢谢!

4

1 回答 1

0

我更喜欢这样的东西,这样每个用户都可以成为项目管理员:

项目

has_many :collaborators  
has_many :users, :through => :collaborators 
belongs_to :admin, :table_name => 'users' # Maybe has_many?

授权规则.rb

authorization do
  role :guest do
    has_permission_on :users, :to => [:read]
  end

  role :user do
    has_permission_on :projects, :to => :create
    has_permission_on :projects, :to => :manage do
      if_attribute :admin => is { user }
    end
    has_permission_on :projects, :to => :read do
      if_attribute :collaborators => contains { user }
    end
    has_permission_on :files, :to => :manage do
      if_permitted_to :read, :project
    end
  end
end

privileges do
  privilege :manage do
    includes :create, :read, :update, :delete
  end
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end
于 2013-05-15T13:52:42.287 回答