declarative_authorization and inherited_resources
Question
I have a Rails 3 app with the declarative_authorization and inherited_resources gems installed. Let me show you the code from my app.
class Blog < ActiveRecord::Base
  has_many :posts
  has_many :memberships, :class_name => "BlogMembership"
  has_many :subscribers, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::SUBSCRIBER} or blog_memberships.membership_type = #{BlogMembership::AUTHOR} or blog_memberships.membership_type = #{BlogMembership::MODERATOR}"
  has_many :authors, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::AUTHOR} or blog_memberships.membership_type = #{BlogMembership::MODERATOR}"
  has_many :moderators, :through => :memberships, :source => :user, :conditions => "blog_memberships.membership_type = #{BlogMembership::MODERATOR}"
end

class Post < ActiveRecord::Base
  belongs_to :blog, :counter_cache => true
  belongs_to :author, :class_name => "User", :foreign_key => "user_id"
end

class BlogMembership < ActiveRecord::Base
  belongs_to :user
  belongs_to :blog

  # Membership types:
  SUBSCRIBER = 0
  AUTHOR = 1
  MODERATOR = 2
end
My authorization rules:
authorization do
  role :guest do
    description "Not logged in users and users not assigned to any group"
    ##### Blogs and Posts
    has_permission_on :blogs, :to => [ :read, :list ]
    has_permission_on :posts, :to => [ :read, :feed ]
    has_permission_on :posts, :to => :flag if User.current
  end

  role :admin do
    description "Administrators"
    has_omnipotence # Can manage all
  end

  role :moderator do
    description "Blog moderators"
    includes [ :guest, :blogger ]
    has_permission_on :posts, :to => :manage do
      if_attribute :blog => { :moderators => contains { user } }
    end
  end

  role :blogger do
    description "Blog authors"
    includes :guest
    has_permission_on :posts, :to => :create do
      if_attribute :blog => { :authors => contains { user } }
    end
    has_permission_on :posts, :to => :manage do
      if_attribute :author => is { user }
    end
  end
end

privileges do
  # default privilege hierarchies to facilitate RESTful Rails apps
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end
In posts/index.html.haml I use:
- if permitted_to? :create, :posts
  .button.add-post
    = link_to "New post", new_resource_path
And my posts_controller:
class PostsController < InheritedResources::Base
  respond_to :html
  belongs_to :blog
  filter_access_to :all
end
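Looks good, but it doesn't work :(
The test user has a moderator membership for one of the blogs but has no membership for the second blog, and has the moderator role.
With these rules and code, any user can create posts in all blogs.
Please tell me what I need to change so that only a blog's authors and moderators can post to that blog, and not to other blogs.
Solution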
Not so elegant a way, but I solved it with the following:
Changed the access filter in posts_controller:
filter_resource_access :nested_in => :blog
Added a method to the posts controller:
protected

def new_post_for_collection
  @post = Blog.find(params[:blog_id]).posts.new
end
Changes in index.html.haml:
- if permitted_to? :create, @post
  .button.add-post
    = link_to "New post", new_resource_path
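Why the object-based check behaves differently from the symbol-based one, as an added example that is not part of the original answer and not the gem's code: a plain-Ruby model of the moderator and blogger rules above. It assumes that declarative_authorization skips `if_attribute` conditions when a check is given only a context symbol and evaluates them when it is given an object; `Rule`, `permitted?`, `new_post_for`, `demo` and the sample data are hypothetical names constructed for illustration.

```ruby
# Simplified model of the page's rules (constructed; not declarative_authorization itself).
User = Struct.new(:name, :roles)
Blog = Struct.new(:title, :authors, :moderators)
Post = Struct.new(:blog, :author)

# A rule grants privileges on a context to a role, constrained by an attribute
# test that needs a concrete object (the if_attribute block in the rules file).
Rule = Struct.new(:role, :context, :privileges, :attribute_test)

RULES = [
  # role :moderator -> :manage posts if blog.moderators contains user
  Rule.new(:moderator, :posts, [:manage, :create, :read, :update, :delete],
           ->(user, post) { post.blog.moderators.include?(user) }),
  # role :blogger -> :create posts if blog.authors contains user
  Rule.new(:blogger, :posts, [:create],
           ->(user, post) { post.blog.authors.include?(user) }),
]

# object == nil models `permitted_to? :create, :posts`: only role, context and
# privilege are matched; the attribute test is skipped (assumed gem behaviour).
def permitted?(user, privilege, context, object = nil)
  RULES.any? do |rule|
    next false unless user.roles.include?(rule.role)
    next false unless rule.context == context && rule.privileges.include?(privilege)
    object.nil? || rule.attribute_test.call(user, object)
  end
end

# Models the answer's new_post_for_collection: an unsaved post in the requested blog.
def new_post_for(blog, user)
  Post.new(blog, user)
end

# Constructed sample data: moderator of blog A, no membership in blog B.
MOD    = User.new("test", [:moderator])
BLOG_A = Blog.new("A", [MOD], [MOD])
BLOG_B = Blog.new("B", [], [])

def demo
  {
    context_only:  permitted?(MOD, :create, :posts),
    object_blog_a: permitted?(MOD, :create, :posts, new_post_for(BLOG_A, MOD)),
    object_blog_b: permitted?(MOD, :create, :posts, new_post_for(BLOG_B, MOD)),
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The context-only check passes for any blog because holding the role is enough, which matches the behaviour reported in the question. Hiding the button in the view is not enforcement by itself; the controller filter change in the answer is what applies the same object-level check to the request.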