开发者

How to use RBAC (or access control) on Google App Engine?

开发者 https://www.devze.com 2023-02-24 09:12 出处：网络

Has anyone used some RBAC (or other access control) in a GWT based project deployed in App Engine? Or actually how to manage GWT-RPC calls to by role base开发者_JS百科d?

相关专题：access-control gwt rbac

Has anyone used some RBAC (or other access control) in a GWT based project deployed in App Engine?

Or actually how to manage GWT-RPC calls to by role base开发者_JS百科d?

Or is it easier to only "send the code" to client browser based on user's login credentials?

Ideas, libraries, all is welcome!

Thank you

You could add a roles property to your user class:

class MyUser(db.Model):
  roles = db.ListProperty(db.Key)

class Role(db.Model):
  ...

Then, when you want to know whether a user can do something, do something like this:

if required_role in current_user.roles:
  do_the_thing()
else:
  warn_sternly()

What you need to model is who is in what roles. This is a many-to-many relationship (at least, in most applications). This is one way to implement such a relationship, but there are other ways, which may be more appropriate to your situation. Here's a page that has some advice on relationship modeling in App Engine: https://developers.google.com/appengine/articles/modeling