根据Ember.js中的权限注册路由的最佳做法是什么?
[英]What is the best practice to register routes based on permissions in Ember.js?
问题描述
In my Ember application, I have a map of routes and CRUD permissions that is returned from the server. 
在我的Ember应用程序中,我有一个从服务器返回的路由和CRUD权限的映射。 If a user doesn't have read access to a page, I can easily exclude the menu item but for Create and Update operations I need to make some changes in router.js. 如果用户没有对页面的读访问权限,我可以轻松地排除菜单项,但是对于创建和更新操作,我需要在router.js中进行一些更改。
So currently this is the router I have: 所以目前这是我的路由器:
import Ember from 'ember';
import config from './config/environment';
const Router = Ember.Router.extend({
location: config.locationType
});
Router.map(function () {
this.route('product-types', function () {
this.route('view', {path: '/:product-type_id'});
this.route('edit', {path: '/:product-type_id/edit'});
});
this.route('products');
this.route('members', function () {
this.route('view', {path: '/:member_id'}, function () {
this.route('member-accounts', function () {
this.route('new');
});
});
this.route('edit', {path: '/:member_id/edit'});
this.route('new');
});
this.route('tasks', function () {
this.route('view', {path: '/:task_id'});
});
});
export default Router;
So I wish somehow to be able to simply not register the route to :new and or :edit if the user doesn't have the right permissions: 因此,如果用户没有正确的权限,我希望能够以某种方式简单地将路由注册到:new和or:edit:
this.route('product-types', function () {
if(permission['product-types'].edit()) {
this.route('edit', {path: '/:product-type_id/edit'});
}
});
But I'm looking for a better solution as the routes are growing in huge numbers. 但我正在寻找一个更好的解决方案,因为这些路线正在大量增长。 So I'd like to perhaps customize this Ember's router to do this automatically. 所以我想自定义这个Ember的路由器来自动执行此操作。 Is that possible? 那可能吗?
The other problem is Delete. 另一个问题是删除。 Because Delete doesn't have any specific route I'd like to be able to pass that permission to each model by default automatically so that each model checks if delete is possible or not and then hide the delete button. 因为Delete没有任何特定路由,所以我希望能够自动将该权限传递给每个模型,以便每个模型检查是否可以删除,然后隐藏删除按钮。
I am not worry about a user hacks the js files and enables the pages and tries to access the forbidden pages because they can't do anything as the server will stop them and will check all the permissions but I want here a mechanism to hide/display pages, buttons based on permissions. 我不担心用户破解js文件并启用页面并尝试访问禁止页面,因为它们无法执行任何操作,因为服务器将停止它们并将检查所有权限但我想在此处隐藏/显示页面,基于权限的按钮。 Any help is appreciated. 任何帮助表示赞赏。
1 个解决方案
解决方案1
3 已采纳 2016-05-05 11:09:49
I think you'll be able to solve a lot of your problems with mixins. 我想你能用mixin解决很多问题。 For your routing permissions, I recommend you have a look at ember-simple-auth's UnauthenticatedRouteMixin . 对于您的路由权限,我建议您查看一下ember-simple-auth的UnauthenticatedRouteMixin 。 Here is some of the related code : 以下是一些相关代码 :
export default Ember.Mixin.create({
/**
The session service.
@property session
@readOnly
@type SessionService
@public
*/
session: service('session'),
/**
Checks whether the session is authenticated and if it is aborts the current
transition and instead transitions to the
{{#crossLink "Configuration/routeIfAlreadyAuthenticated:property"}}{{/crossLink}}.
__If `beforeModel` is overridden in a route that uses this mixin, the route's
implementation must call `this._super(...arguments)`__ so that the mixin's
`beforeModel` method is actually executed.
@method beforeModel
@param {Transition} transition The transition that lead to this route
@public
*/
beforeModel(transition) {
if (this.get('session').get('isAuthenticated')) {
transition.abort();
Ember.assert('The route configured as Configuration.routeIfAlreadyAuthenticated cannot implement the UnauthenticatedRouteMixin mixin as that leads to an infinite transitioning loop!', this.get('routeName') !== Configuration.routeIfAlreadyAuthenticated);
this.transitionTo(Configuration.routeIfAlreadyAuthenticated);
} else {
return this._super(...arguments);
}
}
});
The delete button issue you should be able to solve with either another mixin where you check permission in a delete action, or add a mixin to components that inject permission related logic, or a combination of sorts.. 您应该能够使用另一个mixin来解决删除按钮问题,您可以在其中检查删除操作中的权限,或者将mixin添加到注入权限相关逻辑的组件,或者组合排序。
You can try using a service that will contain the permissions for the current user, and some calculations based on those, which you inject into the necessary component. 您可以尝试使用包含当前用户权限的服务,以及基于那些注入必要组件的计算。 Which could be a delete button or a form component or something, and toggle the delete button display on the form component. 可以是删除按钮或表单组件等,并切换表单组件上的删除按钮显示。 That would look something like this: 这看起来像这样:
//services/permissions.js
export default Ember.Service.extend({
hasPermission: Ember.computed('permissions', function(){
return true/false // permission logic here
})
})
//components/component-permissions
export default Ember.Component.extend({
permissions: Ember.inject.service(),
hasPermission: Ember.computed.alias('permissions.hasPermission')
});
//templates/components/components-permissions
{{#if hasPermission}}
<button class='i-am-a-delete-button'>Delete</button>
{{/if}}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.