Max*_*Max 4 ruby-on-rails ruby-on-rails-3
我正在尝试在我的网络应用程序中实现原始权限系统,我想知道你们都认为检查控制器权限的最佳方法.当我开始编写应用程序时,我原本以为使用before_filter是个好主意,我的代码最终看起来像这样:
before_filter :authenticate, :only => [:new, :create, :show, :edit, :update, :destroy, :delete]
before_filter :check_league_existence
before_filter :check_league_relation_existence, :except => [:new, :create, :index]
before_filter :check_ownership, :only => [:delete, :destroy]
before_filter :check_user_joinability, :only => [:new, :create]
before_filter :require_moderator, :only => [:edit, :update]
我的过滤器看起来像这样:
def check_league_relation_existence
raise ActiveRecord::RecordNotFound.new('Not Found') unless current_league_relation && current_league.league_relations.include?(current_league_relation)
end
def check_ownership
raise ActionController::RoutingError.new('You do not own this league relation. Permission Denied.') unless current_league_relation.user == current_user || current_user_league_relation.moderator?
end
现在这个系统在某种程度上确实有效,但是它有很多问题.其中最大的两个是:1)很难理解发生了什么,因为有太多的过滤器,2)我不知道如何为此编写功能测试,因为在测试未授权时总是会收到错误访问.有没有人有更好的方法来检查权限?