Ember SimpleAuth authenticate access to protected resources


Problem description

I have an app where users can edit organisations in various 'pages'.

App.Router.map(function() {
  this.resource('organisation', {path: '/:orgname'}, function () {
    this.route('foo');
    this.route('bar');
  });
});

I want users to be able to view any organisation but the various pages should become editable if the user has admin rights over the organisation.

Organisations are editable based on some tricky logic handled by the server. The user model has an organisations attribute to reflect these admin rights. This is mirrored in the organisation object. On the server it's a many-to-many table plus some other logic.

App.User = DS.Model.extend({
  primaryKey: 'username',
  fullname: DS.attr('string'),
  username: DS.attr('string'),
  organisations: DS.hasMany('organisation', {async: true})
});

App.Organisation = DS.Model.extend({
  primaryKey: 'orgname',
  orgname: DS.attr('string'),
  fullname: DS.attr('string', {defaultValue: 'Unnamed Organisation'}),
  description: DS.attr('string'),
  users: DS.hasMany('user', {async: true}),
});

I am using Ember SimpleAuth to authenticate via a login page and to authorise requests to my API. I use a custom session to load in data for the authenticated user.

var CustomSession = SimpleAuth.Session.extend({
  user: function() {
    var username = this.get('username');
    if (!Ember.isEmpty(username)) {
      return this.container.lookup('store:main').find('user', username);
    }
  }.property('username')
});

I have a controller like this which makes attributes editable in my template.

App.OrganisationController = Ember.Controller.extend({
  actions: {
    ToggleEditFullname: function() {
      this.set('editingFullname', !this.get('editingFullname'));
    },
    save: function() {
      this.set('editingFullname', false);
      return true;
    }
  }
});

So in my template I do something like this...

  {{#if editingFullname}}
    {{view Ember.TextField valueBinding="model.fullname" placeholder="Full name"}}
    <a href="#"><i {{action 'ToggleEditFullname'}} class="fa fa-times" title="cancel"></i></a>
  {{else}}
    {{#if model.fullname}}
      {{model.fullname}}
    {{else}}
      No name provided...
    {{/if}}
    {{#if session.isAuthenticated}}
      <a href="#"><i {{action 'ToggleEditFullname'}} class="fa fa-pencil" title="edit name"></i></a>
    {{/if}}
  {{/if}}

The key being the {{#if session.isAuthenticated}} statement. This ensures that users only get access to the restricted features if they are logged in.

All pretty normal so far (I think).

However, I want to be able to ask my session whether the current user is authorised to access the organisation in question. So I'd like to change the {{#if session.isAuthenticated}} to {{#if session.isAuthorised}} and have it check the current model/route against my data.

How can I best do this? Is there a better alternative? How do I protect resources individually?

P.S. Apologies for my English spelling of 'authorized'.

Solution

You'd want to compute from each organization so that it will be accurate on a per-model basis. So change

{{#if session.isAuthenticated}}

to

{{#if model.userCanAdminister}}

Then you can compute that straight off the model definition (this is probably not suitable for your async case, but could be workable) as seen here: http://emberjs.com/guides/models/defining-models/#toc_defining-attributes

Or you can do it from the itemController (how I would do it for async). The logic for that should be pretty simple. Check if the current user is contained in the organization's user collection. Return a boolean from the computed property. Have that property bound to session.isAuthenticated and then users.@each.content or whatever might change in the organization in real-time.

Hope that helps!
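
The per-organisation check described in the answer above (is the current user contained in the organisation's users collection), written out as an added example that is not part of the original answer. It is framework-free JavaScript rather than an Ember computed property: `get` only mimics an Ember-style accessor, and `userCanAdminister` as a function, `makeOrg`, `editableOrgs` and the sample data are assumptions. The result only decides whether the edit control is shown; the server-side logic the question mentions still decides whether a write is accepted.

```javascript
// Added example, not code from the original post. Framework-free: "get" mimics
// an Ember-style accessor; all names and sample data below are constructed.

// Decide whether the edit control should be shown for ONE organisation.
// Denies by default: any missing or failed input yields false.
async function userCanAdminister(session, organisation) {
  if (!session || session.isAuthenticated !== true) return false;
  const username = session.username;
  if (typeof username !== 'string' || username === '') return false;
  if (!organisation || typeof organisation.get !== 'function') return false;
  let users;
  try {
    // An {async: true} relationship resolves later; await also accepts a plain array.
    users = await organisation.get('users');
  } catch (err) {
    return false; // relationship failed to load: deny rather than guess
  }
  if (!Array.isArray(users)) return false;
  // Exact match on the primary key; no trimming or case folding.
  return users.some((u) => Boolean(u) && u.username === username);
}

// Constructed stand-in for an organisation record with a lazy users relationship.
function makeOrg(orgname, loadUsers) {
  return {
    get: (key) => (key === 'users' ? loadUsers() : key === 'orgname' ? orgname : undefined),
  };
}

// Names of the organisations whose edit controls this session would see.
async function editableOrgs(session, orgs) {
  const flags = await Promise.all(orgs.map((o) => userCanAdminister(session, o)));
  return orgs.filter((_, i) => flags[i]).map((o) => o.get('orgname'));
}

// Constructed sample records; the third one simulates a failed relationship load.
function sampleOrgs() {
  return [
    makeOrg('acme', () => Promise.resolve([{ username: 'alice' }, { username: 'bob' }])),
    makeOrg('globex', () => Promise.resolve([{ username: 'carol' }])),
    makeOrg('offline', () => Promise.reject(new Error('users failed to load'))),
  ];
}

editableOrgs({ isAuthenticated: true, username: 'alice' }, sampleOrgs())
  .then((names) => console.log(names));
```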
