如何在Google App Engine上使用RBAC（或访问控制）？ [英] How to use RBAC (or access control) on Google App Engine?

问题描述

有人在部署于以下位置的基于GWT的项目中使用了 RBAC （或其他访问控制）是App Engine吗？

还是实际上如何通过基于角色的方式管理对GWT-RPC的调用？

Has anyone used some RBAC (or other access control) in a GWT based project deployed in App Engine?
Or actually how to manage GWT-RPC calls to by role based?

还是仅发送代码会更容易

Or is it easier to only "send the code" to client browser based on user's login credentials?

想法，库，欢迎使用！

谢谢

推荐答案

您可以在用户类中添加一个Roles属性：

You could add a roles property to your user class:

class MyUser(db.Model):
  roles = db.ListProperty(db.Key)

class Role(db.Model):
  ...

然后，当您想知道用户是否可以执行某项操作时，请执行以下操作这个：

Then, when you want to know whether a user can do something, do something like this:

if required_role in current_user.roles:
  do_the_thing()
else:
  warn_sternly()

您需要建模的角色是谁。这是一个多对多的关系（至少在大多数应用程序中）。这是实现这种关系的一种方法，但还有其他方法可能更适合您的情况。以下是有关App Engine中关系建模的一些建议的页面： https://developers.google.com / appengine / articles / modeling

What you need to model is who is in what roles. This is a many-to-many relationship (at least, in most applications). This is one way to implement such a relationship, but there are other ways, which may be more appropriate to your situation. Here's a page that has some advice on relationship modeling in App Engine: https://developers.google.com/appengine/articles/modeling

这篇关于如何在Google App Engine上使用RBAC（或访问控制）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！