2

使用 rails 的 delcarative_authorization gem,是否有允许角色访问所有控制器操作的快捷方式?

privileges do
  # default privilege hierarchies to facilitate RESTful Rails apps
  privilege :manage, :includes => [:create, :read, :update, :delete]
end

还不够,因为我的控制器中的控制方法不仅仅是 CRUD。

就像是:

  role :foo do
    has_permission_on :bar, :to =>[:all]
  end

会很完美,但我在文档中找不到它。

4

2 回答 2

0

我认为没有简单的方法存在。该线程讨论了一种可能的方法:检查“主”角色并完全绕过过滤。

于 2010-12-26T22:43:21.397 回答
0

我使用这样的东西:

privileges do
  # default privilege hierarchies to facilitate RESTful Rails apps
  privilege :manage, :includes => [:create, :read, :update, :delete]
  method_names =  Bar.action_methods.to_a
  meths = method_names - %w{create read update delete}
  privilege :all_others, :includes => meths.map{|m| m.to_sym}
end

role :foo do
  has_permission_on :bar, :to =>[:manage,:all_others]
end

虽然像:

privileges do
  # default privilege hierarchies to facilitate RESTful Rails apps
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :all, :includes => Bar.action_methods
end

role :foo do
  has_permission_on :bar, :to =>[:all]
end

可能更适合您的要求

于 2014-10-02T14:39:55.767 回答