轨道4授权宝石 [英] Rails 4 authorization gem

问题描述

我要寻找轨道4授权的宝石。
以前我用过的康康舞，但它看起来过时的时下...

I am looking an authorization gem for rails 4. Before I used cancan, but it looks outdated nowadays...

我发现这里the_role https://github.com/the-teacher/the_role
这几乎是我想要的，但有一些恼人的问题。也许类似的宝石存在吗？我需要的角色，角色商店与规则数据库和结社的行动。这伤口是巨大的，如果创业板与引导合作。

I found the_role here https://github.com/the-teacher/the_role It is nearly what I want, but has a few annoying issues. Maybe similar gems exist? I need roles, store roles in database and association actions with rules. It wound be great if gem cooperate with bootstrap.

P.S。为了验证我使用的光辉。

P.S. For authentication I use devise.

推荐答案

CanCanCan

惨惨是由Ryan贝茨（用于RailsCasts最有名的）开发授权流行的宝石与之前的Rails释放被遗弃4.0。由于它的普及，以社区为基础的 CanCanCan 项目保持惨惨的更新版本。惨惨提供隔离在一个单一的能力类的所有授权逻辑的DSL（领域特定语言）。

CanCan was a popular gem for authorization developed by Ryan Bates (best known for RailsCasts) and abandoned prior to the release of Rails 4.0. Due to its popularity, the community-based CanCanCan project maintains an updated version of CanCan. CanCan provides a DSL (domain-specific language) that isolates all authorization logic in a single Ability class.

权威人士

借助权威人士宝石日益普及Rails的授权。权威人士是使用简单的Ruby对象的访问规则的授权体系。权威人士采用了命名的文件夹的应用程序/政策/ 的含纯Ruby对象实现访问规则。

The Pundit gem is gaining in popularity for Rails authorization. Pundit is an authorization system that uses simple Ruby objects for access rules. Pundit uses a folder named app/policies/ containing plain Ruby objects that implement access rules.

CanCanCan或权威人士或？

作为应用生长在复杂性，康康舞能力类可以增长笨拙。此外，每个授权请求需要的全部能力惨惨类的评价，增加性能开销。权威人士还提供了分离的访问规则到一个中央位置，保持控制器瘦的优势。权威人士策略对象是轻量级的，添加授权逻辑，而尽可能多的开销惨惨。

As an application grows in complexity, the CanCan Ability class can grow unwieldy. Also, every authorization request requires evaluation of the full CanCan Ability class, adding performance overhead. Pundit also offers the advantage of segregating access rules into a central location, keeping controllers skinny. Pundit policy objects are lightweight, adding authorization logic without as much overhead as CanCan.

简单的角色为基础的授权

使用Rails 4.1，您可以使用活动记录枚举实现基于角色的授权。您可以使用CanCanCan或权威人士保持控制器瘦，如果您的访问规则是复杂的，但对于简单的要求，你可能不需要CanCanCan或权威人士。

With Rails 4.1, you can implement role-based authorization using Active Record Enum. You can use CanCanCan or Pundit to keep controllers skinny if your access rules are complex but for simple requirements, you may not need CanCanCan or Pundit.

我写了一篇文章 Rails的授权 的进入更多细节，比较CanCanCan和权威人士和简单的基于角色的授权。

I've written an article on Rails Authorization that goes into more detail, comparing CanCanCan and Pundit and simple role-based authorization.

这篇关于轨道4授权宝石的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！