堆栈内存溢出
  简体   繁体   English

在Rails中为公司\\单用户帐户设置身份验证\\授权系统的最佳方法是什么?

[英]What is the best approach to setting up authentication\authorization system for corporate \ single user accounts in Rails?

 原文  2011-01-11 21:35:14       ruby-on-rails/ authlogic/ devise/ restful-authentication/ cancan

问题描述

I'm setting up a website where I have multiple types of users. 我正在建立一个拥有多种类型用户的网站。 For instance consider Amazon or CDW. 例如考虑亚马逊或CDW。 They have individual accounts, where a regular person can just buy a book or a computer, and they also have corporate accounts, that have multiple subusers that can do purchasing and a supervisor/superuser that can track spending on the whole account, but also close account of subusers or add new subusers for their account. 他们有个人帐户,普通人可以在其中购买书籍或计算机,也有公司帐户,有多个子用户可以进行购买,而主管/超级用户可以跟踪整个帐户的支出,但也可以关闭子用户帐户或为其帐户添加新的子用户。

I can obviously roll out my own system here, but would I be better of starting off with something like devise, authlogic or restful_authentication in conjunction with CanCan or similar authorization system? 我显然可以在这里部署自己的系统,但是从Canvas或类似的授权系统开始,例如devise,authlogic或restful_authentication之类的东西,我会更好吗? Or is there something like this out there already? 还是已经有类似的东西了? Anyone had any experience setting up something like this? 任何人都有类似这样的设置经验吗? What are the caveats? 有哪些警告?

Thanks 谢谢

2 个解决方案

解决方案1
 1 已采纳  2011-01-14 00:12:58

I did some digging, and right now there is nothing like this available. 我做了一些挖掘,现在没有类似的东西可用。 At least not a as ready to use gem. 至少不是一个随时可用的宝石。 Most people seem to just roll their own. 大多数人似乎只是自己滚。 I'll do the same here. 我在这里也会做同样的事情。

PS: PS:

Not accepting the other answer as it is essentially the repeat of my question in a statement form. 不接受其他答案,因为它本质上是以陈述的形式重复我的问题。 One of my professors used to fail students if they tried to give him answers like this. 我的一位教授曾经试图让学生给这样的答案而使他们失败。

解决方案2
 0  2011-01-11 21:48:27

I would suggest using Devise (or similar) to authenticate users, and CanCan (or similar) to authorize their actions. 我建议使用Devise(或类似方法)对用户进行身份验证,并使用CanCan(或类似方法)对用户的操作进行授权。

Beyond that, you essentially roll your own. 除此之外,您还可以自己滚动。 You can have users belonging to accounts, admin boolean flags on user instances, etc. to determine what users are allowed to do. 您可以让用户属于帐户,用户实例上的admin布尔标志等,以确定允许用户执行的操作。 But definitely let Devise and CanCan do the heavy lifting. 但是,绝对要让Devise和CanCan做繁重的工作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Rails身份验证和授权-最佳方法? - Rails Authentication and Authorization - Best approach? 用户身份验证支持Rails,NOT授权 - User authentication support for Rails, NOT authorization Ruby on Rails CRUD和用户身份验证和授权模块 - Ruby on Rails CRUD and User authentication and authorization module 在Rails应用程序中,此用户类型系统的最佳设计是什么? - What would be the best design for this user types system in a Rails app? 使用Devise in Rails组织Admin / Teacher / Student用户帐户的最佳方法是什么? - What is the best way to organize Admin/Teacher/Student user accounts with Devise in Rails? 监控 Rails 中站点性能的最佳方法是什么 - What is the best approach to monitor site performance in rails 使用 SendGrid 和 Rails 发送时事通讯 - 什么是最好的方法? - Sending newsletters with SendGrid and Rails - What is the best approach? 无需身份验证的安全Rails 3 MultiStep订单的最佳方法 - Best approach for a secure Rails 3 MultiStep Order Form without authentication 移动应用&lt;-&gt; Rails应用授权/身份验证的最佳解决方案 - Best solution for mobile app <-> Rails app authorization/authentication 分布式系统的认证和授权 - Authentication and authorization for distributed system
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM