Rails 4 用户角色和权限 [英] Rails 4 user roles and permissions

问题描述

我正在为一个组织编写一个 Rails 应用程序.每个用户可能有 1 个或多个角色，并且只能根据这些角色访问某些控制器操作.

I am writing a rails application for an organization. Every user may have 1 or more roles and can only access certain controller actions depending on those roles.

例如，只有 admins 可以创建、销毁和更新 User 的某些字段.此外，还有Team，每个都有一个团队负责人，只有团队负责人可以更新Team<的某些信息/code>(例如成员列表).但是，Admins 是首先分配团队负责人的人.

For example, only admins can create, destroy and update certain fields of Users. Also, there are Teams which each have a team leader, and only the team leader can update certain information about the Team (like the member list, for example). However, Admins are the one who assign the team leader in the first place.

我的场景的具体细节并不重要，我只是希望我描述了有许多不同角色和权限的情况.

The specific details of my scenario are not important, I merely hope I described the situation where there are many different roles and permissions.

我的问题是:使用什么 gem?我的第一个想法是 CanCan，但最后一次提交几乎是一年前，并且没有提到 Rails 4 兼容性.是否有目前维护的替代方案?

My question is: what gem to use? My first thought was CanCan, but the last commit was almost a year ago and there is no mention of Rails 4 compatibility. Is there a currently maintained alternative?

推荐答案

你第一次猜对了，使用 cancancan 并且你会很好的.

Your first guess was right, use cancancan and you'll be good with it.

我已经使用 cancancan 很长时间了，而且它总是很好用.我最近开始从事一个项目，其中 Pundit 用于授权.

I've been using cancancan for a long time now and it was always working great. I've recently started working on a project where Pundit is used for authorization.

太棒了.它提示你为每个资源定义策略，感觉比一个臃肿的能力类更自然.

It is awesome. It prompts you to define the policy for each resource and it feels more natural than one bloated Ability class.

对于更大的项目，我肯定会推荐 Pundit.

For bigger projects, I would definitely recommend Pundit.

这篇关于Rails 4 用户角色和权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！