有许多基于角色的授权。 当你事先知道将发挥什么作用时,他们就做了大量工作。 例如,如果我知道Im会有管理人员、超级用户,而不是用户。
我真正想要的是能够发挥习俗作用,把这一作用分配给用户。 此时此刻,我只是想阻止根据用户的习俗作用接触控制人员/采取行动。 作用包括许可。
例如,Jane 单单单可以添加和观看植被,但她可以删除或ed。 John 能够补充、观点和编辑。 博斯可以补充、认为、编辑和删除。 我想能够检查用户是否获准进入一个控制器/行动:
user.is_authorized?
授权(或称呼)应足够明智,以确定用户是否根据其指定作用获得授权,以及该作用是否得到许可。
我感觉到了吗? 在那里是否有任何事情要做?
我将使用宣示性——授权,简单地为每项职能创造多重作用。
因此,对植被、更新、植被、植被(不同角色)具有特定的作用。
然后,仅仅将用户与多种角色联系起来,可以节省轮椅的修补。
Maybe Trial canard 。 它利用所有能动的许可,并增加作用。 我专门写了这个问题。
collection_select and select Rails helpers: Which one should I use? I can t see a difference in both ways. Both helpers take a collection and generates options tags inside a select tag. Is there a ...
We ve deployed our rails app to EC2. In our setup, we have two proxies on small instances behind round-robin DNS. These run nginx load balancers for a dynamically growing and shrinking farm of web ...
As part of a web application I need an auth-code to pass as a URL parameter. I am currently using (in Rails) : Digest::SHA1.hexdigest((object_id + rand(255)).to_s) Which provides long strings like : ...
I ve installed RubyCAS-Client version 2.1.0 as a plugin within a rails app. It s working, but I d like to remove the ?ticket= in the url. Is this possible?
I have a these 3 models: class User < ActiveRecord::Base has_many :permissions, :dependent => :destroy has_many :roles, :through => :permissions end class Permission < ActiveRecord::...
I m building an xml document from a hash. The xml attributes need to be in order. How can this be accomplished? hash.to_xml
guys which text editor is good for Rubyonrails? i m using Windows and i was using E-Texteditor but its not free n its expired now can anyone plese tell me any free texteditor? n which one is best an ...
I’m developing an application dedicated to generate statistical reports, I would like that user after saving their stat report they save sql queries too. To do that I wrote the following module: ...