Ruby 中的自定义 gem `active_admin` On rails
[英]Custom gem `active_admin` in Ruby On rails
问题描述
Currently, I am working on a project using gem active_admin to act as site admin.
目前,我正在开发一个使用 gem active_admin作为站点管理员的项目。 Now I receive a request like this:现在我收到这样的请求:
On the admin page, there will be a new user type super_admin , this user can create many companies, each company will have a manager (also created by super_admin ).在管理页面,会新建一个用户类型super_admin ,这个用户可以创建很多公司,每个公司都会有一个经理(也是由super_admin创建的)。
The manager of company A will login to the admin site (with the account created in step 1), you can only operate on the objects of company A, similar to company B, C, D... A公司的经理登录管理站点(使用步骤1创建的帐户),您只能对A公司的对象进行操作,类似于B公司,C,D ...
I do not know how to implement this logic with gem active_admin, can you give me suggestions on how to do or keywords to handle logic like this with active_admin gem?我不知道如何用 gem active_admin 实现这个逻辑,你能给我一些建议,告诉我如何用 active_admin gem 处理这样的逻辑吗?
1 个解决方案
解决方案1
0 已采纳 2021-01-22 11:25:57
You could use ActiveAdmin's authorization adapter to achieve this.您可以使用 ActiveAdmin 的授权适配器来实现这一点。
By defining your own authorization adapter, you can have a check in your authorized?通过定义你自己的授权适配器,你可以检查你的authorized? method to see if the subject (the record that's being accessed) belongs to the current_user 's company and only return true if the user has access.方法来查看subject (正在访问的记录)是否属于current_user的公司,并且仅在用户具有访问权限时才返回true 。 This way, you can also limit certain actions to be only available for the super admin.这样,您还可以将某些操作限制为仅对超级管理员可用。
AcitveAdmin then uses your authorization adapter to only show the related records to the admins and they can only edit or delete those records. AcitveAdmin 然后使用您的授权适配器只向管理员显示相关记录,他们只能编辑或删除这些记录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.