Have a look at the cancan gem. An (older) railscast can be found here
Example from github:
<% if can? :create, Project %>
<%= link_to "New Project", new_project_path %>
<% end %>
题
I'm working on new application with many users, a few roles and specific permissions for those roles. I would like to know the best practices to implement RBAC.
My requirements are:
I will have set of roles assigned to users say,
user1=superadmin, user2=admin, user3=expert
Based on user role I have to restrict:
1. Html pages (links in home page).
2. Data in all pages. (like some level of data abstraction).
3. Html elements in few pages. (for eg: some buttons, labels..etc., will be visible to user3).
Is there a framework to go ahead with?
Any advise is very appreciated!
NOTE: We will using either rails/java to develop app.
解决方案
Have a look at the cancan gem. An (older) railscast can be found here
Example from github:
<% if can? :create, Project %>
<%= link_to "New Project", new_project_path %>
<% end %>
其他提示
You can use Casbin: https://casbin.org/
It supports Java and Javascript to do frontend and backend authorization.
in this period I've created a new Open Source project related the RBAC:
microservice-rbac-user-management
You can find an RBAC apis and model here ready to use and with all the documentation. I hope this will help you.