开发者

Rails multi level model security

开发者 https://www.devze.com 2022-12-29 01:47 出处:网络
I have the need to do the following in Rails to mirror a desktop application: a User and an Office \'owns\' a record, if you don\'t own the record on a user or office level you\'re kicked into the pu

I have the need to do the following in Rails to mirror a desktop application:

a User and an Office 'owns' a record, if you don't own the record on a user or office level you're kicked into the public realm.

user gets read,write,delete to the model record office gets read/write/delete to the model record other or public gets read/write/delete to the model record

开发者_如何学Python

e.g.

UserA owns a model record with read/write/delete OfficeA owns a model with read/write other/public gets read

I was wondering if a plugin/gem existed to grant this functionality?


You need an authorization framework like cancan or declarative_authorization for that.


Good if somewhat old survey of plugins here: http://steffenbartsch.com/blog/2008/08/rails-authorization-plugins/ (last updated 2009)

Sounds like you want one that works at the model level. So choose one that has a "yes" in the "M" column.


I recommend using Grant. It's an easy to use, though fairly bare-bones, model-level security framework. I describe in a little more detail in this answer.

0

精彩评论

暂无评论...
验证码 换一张
取 消