设计问题(Ruby On Rails)
[英]Design Question (Ruby On Rails)
问题描述
In my system there are many types of users (4), based on the user that is logged in they have access to only certain information. 
在我的系统中有许多类型的用户(4),基于登录的用户,他们只能访问某些信息。
For example I am trying to do something like this in my Client model: 例如,我试图在我的客户端模型中执行类似的操作:
class Client
def self.allowed
if current_user.is_a?(SuperAdmin)
return self.all
elsif current_user.is_a?(Client)
return [current_user]
elsif current_user.is_a?(ClientAdmin)
return [current_user.client]
end
end
end
The problem is, it seems my model doesn't have access to the current_user helper method. 问题是,似乎我的模型无法访问current_user帮助器方法。 (undefined local variable or method `current_user' for #) (未定义的局部变量或方法`current_user'表示#)
I have 2 questions: 我有两个问题:
- How can I fix this 我怎样才能解决这个问题
- Should logic such as getting back the allowed client be done in the model? 是否应该在模型中完成返回允许的客户端等逻辑?
2 个解决方案
解决方案1
2 已采纳 2011-02-26 22:55:24
Using your methodology, I would define the method to allow passing in a user to check, as follows: 使用您的方法,我将定义允许传入用户进行检查的方法,如下所示:
class Client
def self.allowed(user)
if user.is_a?(SuperAdmin)
return self.all
elsif user.is_a?(Client)
return [user]
elsif user.is_a?(ClientAdmin)
return [user.client]
end
end
end
Then, your controllers can decide which user should be checked based on the action being performed (although this will usually be current_user , this will free up your implementation to work with any user, so if you decide to add functionaly that depends on that fact later you're covered). 然后,您的控制器可以根据正在执行的操作决定应该检查哪个用户(虽然这通常是current_user ,这将释放您的实现以与任何用户一起工作,因此如果您决定在以后添加依赖于该事实的功能你被保险了。
That being said, you should take at an authorization library; 话虽这么说,你应该去授权库; I personally really like CanCan . 我个人非常喜欢CanCan 。 It allows you to define authorizations in one place, using a style similar to the one you present here. 它允许您使用与此处提供的样式类似的样式在一个位置定义授权。 The author, Ryan Bates, has a great screencast on using CanCan . 作者Ryan Bates 对使用CanCan进行了精彩的截屏视频 。
解决方案2
0 2011-02-26 22:48:13
1. How can I fix this
I can't tell without seeing how you're attempting to access the method, but you might consider the following in your ApplicationController : 如果没有看到您尝试访问该方法的方法,我无法分辨,但您可能会在ApplicationController考虑以下内容:
before_filter :set_current_user
def set_current_user
Client.current_user = current_user
end
This provides a copy of the current_user in your Client model. 这会在您的Client模型中提供current_user的副本。
2. Should logic such as getting back the allowed client be done in the model?
Most authentication systems I've used have placed the current_user (or equivalent function) in the ApplicationController , and provided methods to protect specific controller actions from access by unauthorized users. 我使用过的大多数身份验证系统都将current_user (或等效函数)放在ApplicationController ,并提供了保护特定控制器操作不被未授权用户访问的方法。 After all it's the controllers that should decide which users are able to access their actions, not the models. 毕竟,控制器应该决定哪些用户能够访问他们的操作,而不是模型。
Generally speaking, if you're trying to access members/methods of your controller from within your model, you're doing it wrong - that's not how information is supposed to flow through an MVC app. 一般来说,如果您尝试从模型中访问控制器的成员/方法,那么您做错了 - 这不是信息应该通过MVC应用程序传递的方式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.