Rails 3 公司帐户有很多用户，限制对数据的访问 [英] Rails 3 company account with many users, restrict access to data

问题描述

我想知道在我的应用中构建身份验证/授权的最佳方式.我想要

I'm wondering about the best way to structure authentication/authorization in my app. I want to have

• 许多公司帐户，可能使用子域

• many company accounts, possibly using subdomains

帐户有很多用户

和用户只能访问由他们自己或具有相同帐户的其他用户创建的记录.

and users can only access records that were created by themselves or another user with the same account.

我所做的研究提供了许多混合搭配的想法，用于以奇怪而美妙的方式组合设计/cancan/authlogic，但我还没有找到任何可以向我展示限制用户访问数据的最佳方式的东西同一型号内.

The research I've done provides lots of mix n' match ideas for combining devise / cancan / authlogic in weird and wonderful ways, but I've yet to find anything which shows me the best way to restrict user access to data within the same model.

例如:

账户 1:欧亚大陆

用户 1:鲍勃

用户 2:吉姆

账户 2:东亚

用户 1:戴夫

用户 2:艾伦

Isbn 1:account_id 为 1

Isbn 1: account_id is 1

Isbn 2:account_id 是 2

Isbn 2: account_id is 2

我如何确保 Bob 无法访问或破坏 Isbn 2?

How do I make sure Bob can't access or crud Isbn 2?

////更新当然，现在我已经发布了这个，我的 google fu 已经开始了，我从 RyanB 找到了自述文件 CanCan 2.0，看起来很完美:

///update Of course, now I've posted this, my google fu has kicked in and I've found the readme from RyanB for CanCan 2.0, which seems perfect:

如果您需要根据模型的授权更改授权怎么办属性?您可以通过将条件散列作为最后一个传递来实现论据可以.例如，如果您只想允许一个人访问他拥有的项目，您可以设置 :user_id 选项.

What if you need to change authorization based on a model's attributes? You can do so by passing a hash of conditions as the last argument to can. For example, if you want to only allow one to access projects which he owns you can set the :user_id option.

推荐答案

我建议使用 CanCan 进行授权.

I'd suggest using CanCan for authorization.

你的能力模型看起来像

can :manage, :isbn do |isbn|
  isbn.account == current_user.account
end

那你可以像那样使用条件语句吗?:manage, @post 在你的控制器/视图中.

Then you can use conditionals like can? :manage, @post in your Controller/Views.

这篇关于Rails 3 公司帐户有很多用户，限制对数据的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！