[英]Rails CanCanCan resource abilities based on department
我有兩種用戶類型: 管理員和普通用戶
我有以下部門
我有一個名為Entry的模型,該模型需要user_id,department_id,customer_id
管理員用戶可以完全控制所有部門和所有條目的 CRUD
為各個部門創建普通用戶 ,並具有對各個部門條目的CRU控制
當我從普通用戶 (例如,id為2)帳戶創建條目時,我在表中獲得了正確的customer_id,department_id,user_id集。 該用戶的能力只有一個條目can_create_entry(current_user.id,customer_id,department_id),例如,用於前台普通用戶帳戶的(1、1、2)。
當我創建管理員的條目 (例如,ID為1)的帳戶,我得到在表中的customer_id,DEPARTMENT_ID,USER_ID為(1,1,1)文我試圖創建一個后台管理部門的ID是一款入門2。
當我檢查管理員用戶的“能力”列表時; 我發現有一個重復的條目能力,即
#<CanCan::Rule:0x0000000b61fd18 @match_all=false, @base_behavior=true, @actions=[:create], @subjects=[Entry(Table doesn't exist)], @conditions={:user_id=>1, :customer_id=>2, :department_id=>1}, @block=nil>
#<CanCan::Rule:0x0000000b61fd18 @match_all=false, @base_behavior=true, @actions=[:create], @subjects=[Entry(Table doesn't exist)], @conditions={:user_id=>1, :customer_id=>2, :department_id=>2}, @block=nil>
#<CanCan::Rule:0x0000000b61fd18 @match_all=false, @base_behavior=true, @actions=[:create], @subjects=[Entry(Table doesn't exist)], @conditions={:user_id=>1, :customer_id=>2, :department_id=>3}, @block=nil>
對於普通用戶,我只有一個條目
#<CanCan::Rule:0x0000000b61fd18 @match_all=false, @base_behavior=true, @actions=[:create], @subjects=[Entry(Table doesn't exist)], @conditions={:user_id=>2, :customer_id=>2, :department_id=>1}, @block=nil>
請幫助我解決管理員角色的問題。
編輯: capability_base.rb
class AbilityBase
include CanCan::Ability
...
def can_read_entries(customer_id, department_id)
can :read, Entry, :customer_id => customer_id, :department_id => department_id
end
def can_create_entries(customer_id, department_id,user_id)
can :create, Entry, :customer_id => customer_id, :department_id => department_id, :user_id => user_id
end
def can_update_entries(customer_id, department_id, user_id)
can :update, Entry, :customer_id => customer_id, :department_id => department_id, :user_id => user_id
end
def can_destroy_entries(customer_id, department_id)
can :destroy, Entry, :customer_id => customer_id, :department_id => department_id
end
...
end
user_ability.rb
class UserAbility < AbilityBase
def initialize(current_user)
if current_user
user_department_type_names = {}
@customer = current_user.customer
@user_type = current_user.user_type
current_user_dept = current_user.departments
@user_department_ids = current_user_dept.collect(&:id)
@user_department_type_ids = current_user_dept.collect { |dept|
dept_type = dept.department_type
user_department_type_names["#{dept_type.type_name}"] = dept.id
dept_type.id
}
...
if user_department_type_names.has_key?("FRONT_OFFICE")
dept_id = user_department_type_names["FRONT_OFFICE"]
if @user_type == "NORMAL_USER"
can_read_entries(customer.id, dept_id)
can_create_entries(customer.id, dept_id, user_id)
can_update_entries(customer.id, dept_id, user_id)
elsif @user_type == "ADMIN"
can_read_entries(customer.id, dept_id)
can_create_entries(customer.id, dept_id, user_id)
can_update_entries(customer.id, dept_id, user_id)
can_destroy_entries(customer.id, dept_id)
end
elsif user_department_type_names.has_key?("BACK_OFFICE")
dept_id = user_department_type_names["BACK_OFFICE"]
if @user_type == "NORMAL_USER"
can_read_entries(customer.id, dept_id)
can_create_entries(customer.id, dept_id, user_id)
can_update_entries(customer.id, dept_id, user_id)
elsif @user_type == "ADMIN"
can_read_entries(customer.id, dept_id)
can_create_entries(customer.id, dept_id, user_id)
can_update_entries(customer.id, dept_id, user_id)
can_destroy_entries(customer.id, dept_id)
end
elsif user_department_type_names.has_key?("ADMIN")
dept_id = user_department_type_names["ADMIN"]
if @user_type == "NORMAL_USER"
can_read_entries(customer.id, dept_id)
can_create_entries(customer.id, dept_id, user_id)
can_update_entries(customer.id, dept_id, user_id)
elsif @user_type == "ADMIN"
can_read_entries(customer.id, dept_id)
can_create_entries(customer.id, dept_id, user_id)
can_update_entries(customer.id, dept_id, user_id)
can_destroy_entries(customer.id, dept_id)
end
end
...
end
end
end
我為此使用了一些不同的方法:
class UserAbility
include CanCan::Ability
attr_accessor :user
def initialize(user)
@user = user
can :read, Entry, do |entry|
is_admin || (is_normal_user && Entry.where(id, entry.id, customer_id: @user.customer_id, dept_id: user.departments.ids).exists?
end
private
def is_normal_user
user.user_type == 'NORMAL_USER'.freeze
end
def is_admin
user.user_type == 'ADMIN'.freeze
end
end
當然這只是一個模板
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.