问题描述

我正在使用rolify，并且刚刚意识到我并没有真正利用它的全部潜力.

Hi I'm using rolify and have just realized that I'm not actually taking advantage of it's full potential.

目前，我正在执行控制器中的操作，例如在 p>

When I want to have predetermined Roles and Permissions, I use Rolify in conjunction with Nathan Long's Authority, to get delightfully flexible Class-based Permissions via Authorizer classes.

Roles和Permissions都可以基于类，也可以基于实例，这取决于您的用例.可以说，利用刚刚发现的rolify的能力，可以决定Users仅在某些基于实例的情况下可以充当Role.或者，如果User的常规Roles试图执行的 对象是某种类型的对象，则只能执行 .

Both Roles and Permissions can be either class-based or instance-based, depending on your use-case. You can, say, with the abilities of rolify you've just discovered, decide that Users may only act as a Role in certain, instance-based circumstances. Or, general Roles of User may only be able to execute an action given the object they are trying to action is of a certain type.

假设采用博客应用程序，按照公式探索这些排列

To explore the permutation of these, assuming a blog application, following the formula

一个/c Role class/instance的User可以action一个/an/all/any/that(class/instance)Permission:

a User who is a/an Role class/instance can action a/an/all/any/that (class/instance) Permission:

• Role类和Permission类:

作为Admin的User可以delete任何Post.

Role类和Permission实例:

作为Admin的User可以edit所有Posts that they approved to be published

如果已发布的帖子具有指向User id的approved_by字段，则将更容易. (使用状态机 宝石针对这种情况.

This would be easier if published posts had an approved_by field pointing to a User id. (Use a state machine gem for this sort of situation.

Role实例和Permission类:

an Author of a Post的User可以在任何Post

请注意，这种情况很少见，这就是为什么我上面没有提到可以处理这种情况的原因，除了可能具有同时处理诸如Rolify和Authority之类的预定情况的能力之外；或者，如果您必须将此决定传递给客户，则可以使用您自己的自定义解决方案.

Note that this sort of situation is rare, which is why there are no gems I've mentioned above to handle this situation, except for perhaps the ability to manage predetermined circumstances like Rolify and Authority in conjunction; or, if you must pass this decision on to your client, your own custom solution.

Role实例和Permission实例:

an Author of a Post的User可以edit那个Post.

TL; DR:

• Rolify仅用于角色:将Users按Permission分组:访问控制器操作.您尚未决定如何管理Permissions.

• Rolify is just for roles: grouping Users by Permission: access to a controller action. You have yet to decide how you are going to manage Permissions.

我希望这有助于您了解Rolify在 authentication 和 authorization 的宏伟计划中的位置！

I hope this helps your understanding of Rolify's position in the grand scheme of authentication and authorization!

这篇关于Rolify的目的是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！