Rails 3 company account with many users, restrict access to data

Problem description

I'm wondering about the best way to structure authentication/authorization in my app. I want to have

  • many company accounts, possibly using subdomains

  • account has many users

  • and users can only access records that were created by themselves or another user with the same account.

The research I've done provides lots of mix n' match ideas for combining devise / cancan / authlogic in weird and wonderful ways, but I've yet to find anything which shows me the best way to restrict user access to data within the same model.

So for instance:


Account 1: Eurasia

User 1: Bob

User 2: Jim


Account 2: Eastasia

User 1: Dave

User 2: Alan


Isbn 1: account_id is 1

Isbn 2: account_id is 2


How do I make sure Bob can't access or crud Isbn 2?

///update Of course, now I've posted this, my google fu has kicked in and I've found the readme from RyanB for CanCan 2.0, which seems perfect:

> Resources
>
> What if you need to change authorization based on a model's attributes? You can do so by passing a hash of conditions as the last argument to can. For example, if you want to only allow one to access projects which he owns you can set the :user_id option.

Solution

I'd suggest using CanCan for authorization.

Your Ability model would look something like

```ruby
# CanCan passes the signed-in user into Ability#initialize(user), so the rule
# compares against that user; the controller helper current_user is not available here
can :manage, :isbn do |isbn|
  isbn.account == user.account
end
```

Then you can use conditionals like can? :manage, @post in your Controller/Views.
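As an added illustration (not code from the post or from CanCan itself), here is the per-record rule above together with the tenant-scoped query it should be paired with, as a self-contained Ruby script: a minimal stand-in that mimics CanCan's block rules, plus two controller-style lookups. Account, User, Isbn, Bob and Dave are constructed stand-ins for the question's example; the cancan gem is not loaded.

```ruby
Account = Struct.new(:id, :name)
User    = Struct.new(:id, :name, :account)
Isbn    = Struct.new(:id, :account_id)

# Stand-in for a CanCan-style Ability: each rule is decided per record by a block.
class Ability
  def initialize(user)
    @rules = []
    can(:manage, Isbn) { |isbn| isbn.account_id == user.account.id }
  end

  def can(action, subject_class, &block)
    @rules << [action, subject_class, block]
  end

  # :manage covers every action, as in CanCan
  def can?(action, record)
    @rules.any? do |rule_action, subject_class, block|
      (rule_action == :manage || rule_action == action) &&
        record.is_a?(subject_class) && block.call(record)
    end
  end
end

# Constructed data mirroring the question: two accounts, one ISBN record each.
EURASIA  = Account.new(1, "Eurasia")
EASTASIA = Account.new(2, "Eastasia")
BOB  = User.new(1, "Bob", EURASIA)
DAVE = User.new(3, "Dave", EASTASIA)
ISBNS = [Isbn.new(1, 1), Isbn.new(2, 2)]

# Layer 1: unscoped lookup (like Isbn.find(params[:id])) followed by a per-record
# check, the equivalent of calling authorize! in the controller action.
def authorized_show(user, isbn_id)
  record = ISBNS.find { |r| r.id == isbn_id }
  return :not_found if record.nil?
  Ability.new(user).can?(:read, record) ? :ok : :forbidden
end

# Layer 2: tenant-scoped lookup (like current_user.account.isbns.find(params[:id])).
# A foreign id simply misses, so another account's record is never loaded at all.
def scoped_show(user, isbn_id)
  record = ISBNS.select { |r| r.account_id == user.account.id }
                .find { |r| r.id == isbn_id }
  record.nil? ? :not_found : :ok
end
```

Using both layers means a guessed id for another account's record is rejected twice: the scoped query never loads it, and the Ability rule denies it even if some code path loads it unscoped.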
