How to check for a role_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2022-12-17 11:51 出处：网络

I\'m a rails noob and first time poster here and am using declarative authorization in order to implement role base access restriction in a small timesheet app I am writing.

I'm a rails noob and first time poster here and am using declarative authorization in order to implement role base access restriction in a small timesheet app I am writing.

In one of my views, specifically the index.html.erb for my time_registers needs to display more information if the user who is logged in has the admin role assigned.

In the beginning I was just checking that user would be the one with id == 1

<% if @current_user.id == 1 %>

but now I'd like to be able to not restrict it to the user with id==1 but to allow any user who has had the admin role assigned to view a bit more in the index.html.erb file.

A bit how the model is set up with declarative_authorization

class User < ActiveRecord::Base
  has_many :assignments

class Role < ActiveRecord::Base
  has_many :assignments
  has_many :users, :through => :assignment

class Assignment < ActiveRecord::Base
  belongs_to :user
  belongs_to :role

My Authorizations file looks like this:

authorization do

  role :usuarios do
    has_permission_on :users, :to => [:index, :show, :new, :create, :edit, :update]
  end

  role :reghoras do
    has_permission_on :time_registers, :to => [:index, :show, :new, :create, :edit, :update]
    has_permission_on :users do
      to :show
      if_attribute :id => is {user.id}
    end
  end

  role :contactos do
    has_permission_on :contacts, :to => [:index, :show, :new, :create, :edit, :update]
    has_permission_on :users do
      to :show
      if_attribute :id => is {user.id}
    end
  end

  role :admin do
    has_permission_on :authorization_rules, :to => :re开发者_如何学JAVAad
    has_permission_on [:time_registers, :contacts, :users, :roles], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end

  role :guest do
    has_permission_on [:time_registers, :contacts], :to => [:index, :show]
  end

end

Well, I am not sure what else would be needed to answer this question, so feel free to request more information.

OK, so I had looked throught the example and not found anything about this. But after checking the API again I did find something that worked.

I exchanged all instances of

<% if @current_user.id == 1 %>

for

<% if has_role?(:admin) %>

Just in case someone happens to come by wanting help on this same issue, the following is the page in the API where I found the function mentioned above:

http://www.tzi.org/~sbartsch/declarative_authorization/master/

There's not much description to it, but looking at the source one can see that it checks if the current user has a specific role passed to the function. That's how I figured to just use the function directly.

I wonder if what I am doing is actually the right way to go about implementing an admin page or if I maybe should implement the admin view separate from the view for the general users and not in the same file??. So far I have not found any discussion on how to do this.