[英]What is the best approach to setting up authentication\authorization system for corporate \ single user accounts in Rails?
I'm setting up a website where I have multiple types of users. 我正在建立一个拥有多种类型用户的网站。 For instance consider Amazon or CDW.
例如考虑亚马逊或CDW。 They have individual accounts, where a regular person can just buy a book or a computer, and they also have corporate accounts, that have multiple subusers that can do purchasing and a supervisor/superuser that can track spending on the whole account, but also close account of subusers or add new subusers for their account.
他们有个人帐户,普通人可以在其中购买书籍或计算机,也有公司帐户,有多个子用户可以进行购买,而主管/超级用户可以跟踪整个帐户的支出,但也可以关闭子用户帐户或为其帐户添加新的子用户。
I can obviously roll out my own system here, but would I be better of starting off with something like devise, authlogic or restful_authentication in conjunction with CanCan or similar authorization system? 我显然可以在这里部署自己的系统,但是从Canvas或类似的授权系统开始,例如devise,authlogic或restful_authentication之类的东西,我会更好吗? Or is there something like this out there already?
还是已经有类似的东西了? Anyone had any experience setting up something like this?
任何人都有类似这样的设置经验吗? What are the caveats?
有哪些警告?
Thanks 谢谢
I did some digging, and right now there is nothing like this available. 我做了一些挖掘,现在没有类似的东西可用。 At least not a as ready to use gem.
至少不是一个随时可用的宝石。 Most people seem to just roll their own.
大多数人似乎只是自己滚。 I'll do the same here.
我在这里也会做同样的事情。
PS: PS:
Not accepting the other answer as it is essentially the repeat of my question in a statement form. 不接受其他答案,因为它本质上是以陈述的形式重复我的问题。 One of my professors used to fail students if they tried to give him answers like this.
我的一位教授曾经试图让学生给这样的答案而使他们失败。
I would suggest using Devise (or similar) to authenticate users, and CanCan (or similar) to authorize their actions. 我建议使用Devise(或类似方法)对用户进行身份验证,并使用CanCan(或类似方法)对用户的操作进行授权。
Beyond that, you essentially roll your own. 除此之外,您还可以自己滚动。 You can have users belonging to accounts,
admin
boolean flags on user instances, etc. to determine what users are allowed to do. 您可以让用户属于帐户,用户实例上的
admin
布尔标志等,以确定允许用户执行的操作。 But definitely let Devise and CanCan do the heavy lifting. 但是,绝对要让Devise和CanCan做繁重的工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.