Rails CanCan 和动态生成的能力
[英]Rails CanCan and dynamically generated Abilities
问题描述
I would like to use CanCan on top of a Mongoid based Rails 3 application.
我想在基于 Mongoid 的 Rails 3 应用程序之上使用 CanCan。 I would like to introduce general models for user, role and privilege.我想介绍用户、角色和权限的通用模型。 Essentially the authorization system shall authorize at a per action base.本质上,授权系统应在每个动作基础上进行授权。 Therefore we want to store action x roles privilege objects.因此我们要存储动作 x 角色权限对象。
Now when it comes to the ability DSL we could generate the abilities dynamically as an after_save hook in the proivilege model.现在,当涉及到能力 DSL 时,我们可以在权限 model 中动态生成能力作为 after_save 钩子。 But this results in a problem in production mode, cause these runtime changes only affect the server process where the privilege changes were made.但这会导致生产模式出现问题,因为这些运行时更改只会影响进行权限更改的服务器进程。
On the other hand one could reevaluate all (the users) abilities as before_filter in every controller.另一方面,可以像 before_filter 一样重新评估每个 controller 中的所有(用户)能力。 But that slowed down every request.但这减慢了每个请求。
Just now, we are undecided how to solve this problem.刚才,我们还没有决定如何解决这个问题。 I am thankful for every suggestion.我感谢每一个建议。
Regards Felix问候菲利克斯
1 个解决方案
解决方案1
0 2011-07-12 15:49:39
CanCan uses a simple authorization system based on a role column on the User model. CanCan 使用基于用户 model 上的角色列的简单授权系统。
Here are some good links: Abilities这里有一些很好的链接:能力
Role Based Authorization基于角色的授权
Why do you need to dynamically set up privileges?为什么需要动态设置权限? Unless you have a compelling reason to do so you are just introducing unnecessary complexity.除非您有令人信服的理由这样做,否则您只是在引入不必要的复杂性。 Just define the roles you need to with the correct abilities (you can do this on a controller/action basis with cancan) and then assign those roles upon creation/update.只需使用正确的能力定义您需要的角色(您可以使用 cancan 在控制器/操作的基础上执行此操作),然后在创建/更新时分配这些角色。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.