1

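I am using Rails 4, Devise, Role Model and CanCanCan.

Is it possible to define abilities that are common to many roles in ability.rb?

For example, can every signed-in user CRUD their own profile page, with roles then having specific abilities on top of the common abilities?

How does this work? Do I need to create a role in Role Model for the common abilities, and then allow each user to have multiple roles so that they get the common abilities as well as the role-specific abilities?

For example, in my ability.rb, I have: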

    class Ability
      include CanCan::Ability

      def initialize(user)
        alias_action :create, :read, :update, :destroy, :to => :crud

        # Define abilities for the passed in user here. For example:
        #
        user ||= User.new # guest user (not logged in)

        # users who are not signed in can create registration or login

        # can read publicly available projects, programs and proposals
        can :read, Project, {:active => true, :closed => false, :sweep => { :disclosure => { :allusers => true } } }

        # {:active => true, :closed => false  &&  :Project.sweep.disclosure.allusers => true}
        # if user role is student

        # user_signed_in? is a Devise controller/view helper and is not defined here;
        # the guest above is an unsaved User.new, so persisted? means signed in.
        if user.persisted?
          can :crud, Profile, :user_id => user.id # [for themselves]
        elsif user.try(:profile).present? && user.profile.has_role?(:student)
          # student-specific abilities
        end
      end
    end

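So, I want students to be able to read the same things that guests can read. Is there a way to say that students can do everything that new users and signed-in users can do (plus the student-specific abilities)?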

4

3 Answers

2

You can do a kind of composition in your roles with function calls like this:

    class Ability
      include CanCan::Ability

      def initialize(user)
        # :crud is used below, so it has to be declared as an alias first
        alias_action :create, :read, :update, :destroy, :to => :crud

        # Keep the user in an instance variable so the role methods can reach it
        @user = user || User.new # guest user (not logged in)

        # user_signed_in? is a Devise controller/view helper and is not defined here;
        # the guest above is an unsaved User.new, so persisted? means signed in.
        if @user.persisted?
          # if user role is student
          if @user.try(:profile).present? && @user.profile.has_role?(:student)
            student
          else
            authenticated
          end
        else
          anonymous
        end
      end

      # users who are not signed in can create registration or login
      # and can read publicly available projects, programs and proposals
      def anonymous
        can :read, Project, {:active => true, :closed => false, :sweep => { :disclosure => { :allusers => true } } }
      end

      def authenticated
        anonymous
        can :crud, Profile, :user_id => @user.id # [for themselves]
      end

      def student
        authenticated
        # other student abilities
      end

      # other roles follow the same principle
      def teacher
        authenticated
      end
    end

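The `authenticated` function will contain the abilities common to any role, and every role that needs them calls it (this is a kind of inheritance: any student can do what an authenticated user can do, plus his own abilities).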

answered 2015-09-03T09:29:44.493
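An added example, not part of the answer above or of CanCanCan: the same guest, signed-in, student layering run against `MiniAbility`, a minimal stand-in for `CanCan::Ability` (hash conditions only), so the resulting permission matrix can be checked without Rails. The structs, the `LayeredAbility` name and the `Proposal` student rule are assumptions made for illustration.

```ruby
# Added example. MiniAbility is a stand-in for CanCan::Ability (hash conditions
# only) so the layering runs without Rails; all records here are constructed.
User     = Struct.new(:id, :roles)
Profile  = Struct.new(:user_id)
Project  = Struct.new(:active, :closed, :sweep)
Proposal = Struct.new(:user_id) # hypothetical student-only resource

module MiniAbility
  CRUD = [:create, :read, :update, :destroy].freeze

  def can(action, klass, conditions = {})
    (@rules ||= []) << [action == :crud ? CRUD : [action], klass, conditions]
  end

  def can?(action, object)
    (@rules || []).any? do |actions, klass, cond|
      actions.include?(action) && object.is_a?(klass) && matches?(object, cond)
    end
  end

  # Nested condition hashes are compared against nested hashes on the record.
  def matches?(object, cond)
    cond.all? do |key, want|
      got = object.is_a?(Hash) ? object[key] : object.public_send(key)
      want.is_a?(Hash) ? (got.is_a?(Hash) && matches?(got, want)) : got == want
    end
  end
end

class LayeredAbility
  include MiniAbility

  def initialize(user)
    @user = user || User.new(nil, []) # guest: no id, no roles
    return anonymous if @user.id.nil?
    @user.roles.include?(:student) ? student : authenticated
  end

  def anonymous
    can :read, Project, { :active => true, :closed => false,
                          :sweep => { :disclosure => { :allusers => true } } }
  end

  def authenticated
    anonymous # everything a guest can do
    can :crud, Profile, { :user_id => @user.id } # own profile only
  end

  def student
    authenticated # everything a signed-in user can do
    can :create, Proposal, { :user_id => @user.id } # hypothetical student rule
  end
end
```

A guest's id is nil, so keeping the `Profile` rule on the signed-in layer means a `:user_id => nil` condition is never registered for anonymous visitors.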
1

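I have added a sample ability class here for your understanding. You can easily understand the code and read the comments. Your code does not seem good; one thing I can point out is that you should not manage roles through `profile`, you should use `user` to assign or manage roles.

If you want to give the same abilities to a group of users, you can use this kind of `||` condition, `user.has_role?(:role_one) || user.has_role?(:role_two)`, and pass the ability block as `can :manage, [SomeClassName, SomeClassName]`.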

    class Ability
      include CanCan::Ability

      def initialize(user)

        user ||= User.new

        # Only the same user can manage his Profile
        can :manage, [Profile], :user_id => user.id

        # Grant permissions by role
        if user.admin?
          can :manage, :all
        elsif user.has_role?(:some_role_name)
          can :manage, [SomeClassName]
        elsif user.has_role?(:role_one) || user.has_role?(:role_two)
          can :manage, [SomeClassName, SomeClassName]
        else
          can :read, :all
        end

      end
    end

Hope this will help you accomplish your task.

answered 2015-09-03T08:24:12.770
0

I am using this: https://github.com/ryanb/cancan/wiki/Role-Based-Authorization#alternative-role-inheritance and it works fine for me.

answered 2015-09-03T07:50:59.173