CanCan中最安全,最Rails的方式来做Guest,User,Admin权限

Edw*_*ith 12 ruby-on-rails cancan ruby-on-rails-3

我对rails(3)相对较新,并且正在使用CanCan构建一个应用程序,其中有3层用户.

  • 访客 - 未注册的访客用户
  • 注册并登录访客
  • 管理员 - 使用管理员标志注册并登录访客

我的能力现在是bog-stock,从cancan docs复制,基本上定义了guest角色和admin角色

class Ability

    include CanCan::Ability

    def initialize(user)
        user ||= User.new # Guest user

        if user.is_admin?
            can :manage, :all
        else
            can :read, [Asana,Image,User,Video,Sequence]
        end
    end

end
Run Code Online (Sandbox Code Playgroud)

我想添加用户角色.由于我正在创建那个一次性用户模型,我想过使用new_record?确定用户是否已登录.就像是:

class Ability

    include CanCan::Ability

    def initialize(user)
        user ||= User.new # Guest user

        if !user.new_record? and user.is_admin?
            can :manage, :all
        elsif !user.new_record? and !user.is_admin?
            can {registered user-y permissions}
        else
            can :read, [Asana,Image,User,Video,Sequence]
        end
    end

end
Run Code Online (Sandbox Code Playgroud)

但是,它感觉不对.似乎有点与实际登录相关,并且担心它是否真正安全.

寻求更优雅的方式来做这个建议.

谢谢!

tom*_*sop 21

好问题,我使用较低到较高权限的方法:

class Ability  
  include CanCan::Ability  

  def initialize(user)
    # Guest User 
    unless user 
      can :read, [Asana,Image,User,Video,Sequence]
    else
      # All registered users
      can {registered user-y permissions}
      # Admins 
      if user.is_admin?
        can :manage, :all
      end
    end 
  end  
end
Run Code Online (Sandbox Code Playgroud)

这样,如果明天你有其他角色进行集成,你可以添加一个case语句,如下所示:

class Ability  
  include CanCan::Ability  

  def initialize(user)
    # Guest User 
    unless user 
      can :read, [Asana,Image,User,Video,Sequence]
    else
      # All registered users
      can {registered user-y permissions}
      # Different roles
      case user.role
      when 'admin'
        can :manage, :all
      when 'manager'
        can :manage, [Video, Image, Sequence]
      end
    end 
  end  
end
Run Code Online (Sandbox Code Playgroud)