CANCAN =>管理员+代理+用户 [英] CANCAN => Admin + Agent + User
问题描述
需要帮助! :)
用例:
管理员可以在拥有 SuperAdmin角色时创建另一个管理员也可以创建代理
Use Case: Admin can create another admin when he have role of "SuperAdmin", Admin Can also Create "Agents"
用于管理模型的角色:
- SuperAdmin
- 管理员
管理员可以创建两个角色,也可以创建代理
Admin can create both the roles can create "Agents"
Agent可以创建用户,但是他将无法创建 Agent,并且他不应看到其他Agent创建的用户。他只有一个角色-代理
Agent can create "User" but he will not be able to create "Agents" and he should not see users created by other Agents. He has only one Role - "Agent"
现在的问题是:如何初始化 admin, agent & Ability中的用户是3种不同的模型?
Now the problem is : how to initialize "admin", "agent" & "user" in Ability as they are are 3 different models ?
class Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
can :read, Photo, Photo.unowned do |photo|
photo.groups.empty?
end
end
end
注意:用户在代理下我需要他们使用不同的模型
Note: Users are under Agent and Agents are under Admin.. I need them to be different models
推荐答案
嗯,我建议您定义基础角色像用户这样的模型。然后使用此创建用户层次结构。您的模型应该初始化角色。假设您创建了一个用户,则角色应类似于:user。任何尝试执行操作的用户(如果您的控制器定义正确)将经历初始化。
Well, I suggest you define your role in a base model like 'User'. Then use this to create a user hierarchy. Your model should initialize the role. Say you create a User, then the role should be something like :user. Any user that tries to perform an action will (if your controller is well defined) go through 'initialize'.
initialize方法不是初始化角色,而是规则
The initialize method is not to initialize the role but the rules for that particular role.
class Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
if user.role == :admin
can :read, Photo, Photo.unowned do |photo|
photo.groups.empty?
elsif user.role == :agent
# rules for agents
else
# rules for others
end
end
end
这篇关于CANCAN =>管理员+代理+用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
