可以获取所有动态权限。

huangapple go评论76阅读模式
英文:

cancancan get all dynamic permissions

问题

我正在编写一个API,需要向API用户公开所有可用的权限,包括ID和其他信息。

我有以下的结构:

class User < ApplicationRecord
  has_many :permissions, dependent: :destroy
end

class Permission < ApplicationRecord
  belongs_to :user, dependent: :destroy
end

我有一个名为Ability的类:

class Ability
  include CanCan::Ability

  def initialize(user)
    user_permissions(user)
    dynamic_permissions(user)
  end

  def user_permissions(user)
    can :manage, :dashboard if user.admin?
  end

  def dynamic_permissions(user)
    user.permissions.each do |permission|
    #...
      next branch_permissions(permission) if permission.subject_class == 'branch'
    end
  end

  def branch_permissions(permission)
    can permission.action.to_sym, Branch, id: permission.allowed_ids
  end

在控制器中,我想要实现所有权限 => cancannot 对于该用户可能的方式。我已经检查了文档,并找到了#permissions。但这不适用于我对分支(dynamic permissions)的动态权限。

因此,我期望以cancancan的方式完成以下操作,提供伪代码:

  Ability.new(User.find(params[:id]).dynamic_permissions =>
  # {:can=>{:manage=>{"dashboard"=>[]}, :read=>{"Branch"=>['id1', 'id2']}, :index=>{"Branch"=>['id1', 'id2']}, :show=>{"Branch"=>['id1', 'id2']}}, :cannot=>{}}

当前的#permissions cancancan方法只返回硬编码到ability文件的静态权限,缺少所有动态评估。

{:can=>{:manage=>{"dashboard"=>[]}, :read=>{"Branch"=>[]}, :index=>{"Branch"=>[]}, :show=>{"Branch"=>[]}}, :cannot=>{}}

我知道我可以修改并编写自定义方法来获取所有这些内容,但我想知道实现这一目标的通用方法是什么。

英文:

I'm writing API where I need to expose all available permissions with ids and other info to an api user.

I have the following structure

class User < ApplicationRecord
  has_many :permissions, dependent: :destroy
end

class Permission < ApplicationRecord
  belongs_to :user, dependent: :destroy
end

and I have ability


class Ability
  include CanCan::Ability

  def initialize(user)
    user_permissions(user)
    dynamic_permissions(user)
  end

  def user_permissions(user)
    can :manage, :dashboard if user.admin?
  end

  def dynamic_permissions(user)
    user.permissions.each do |permission|
    #...
      next branch_permissions(permission) if permission.subject_class == 'branch'
    end
  end

  def branch_permissions(permission)
    can permission.action.to_sym, Branch, id: permission.allowed_ids
  end

and in controller I want to achieve all permissions => can and cannot possible for that user. I have checked docs already and found #permissions. But that doesn't work for dynamic permissions that I have for branch

So I expect the following to be done in cancancan way, providing pseudo-code

  Ability.new(User.find(params[:id]).dynamic_permissions =>
  # {:can=>{:manage=>{"dashboard"=>[]}, :read=>{"Branch"=>['id1', 'id2']}, :index=>{"Branch"=>['id1', 'id2']}, :show=>{"Branch"=>['id1', 'id2']}}, :cannot=>{}}

Current #permissions cancancan method returns only static permissions that are hardcoded to ability file missing all dynamic evaluation.

{:can=>{:manage=>{"dashboard"=>[]}, :read=>{"Branch"=>[]}, :index=>{"Branch"=>[]}, :show=>{"Branch"=>[]}}, :cannot=>{}}

I know I can modify and write custom method that will fetch all of that, but I'm wondering what is accepted approach achieving this.

答案1

得分: 0

ok,这实际上很简单。阅读源代码有助于。

  def branch_permissions(permission)
    can permission.action.to_sym, Branch, id: permission.allowed_ids.map(&:to_sym)
  end

这个方法 parse_attributes_from_extra_args 会将符号视为内部状态的属性,然后在权限中显示为我所期望的。您可以将这些符号序列化为字符串。

# Ability.new(User.find(params[:id]).permissions
=> {:can=>{:manage=>{"dashboard"=>[]}, :read=>{"Branch"=>[:id1, :id2]}, :index=>{"Branch"=>['id1', 'id2']}, :show=>{"Branch"=>[:id1, :id2]}}, :cannot=>{}}
英文:

ok, it was actually simple. Reading sources helped.

  def branch_permissions(permission)
    can permission.action.to_sym, Branch, id: permission.allowed_ids
  end

this code should be changed to

  def branch_permissions(permission)
    can permission.action.to_sym, Branch, id: permission.allowed_ids.map(&:to_sym)
  end

This method parse_attributes_from_extra_args will treat symbols as attributes for internal state, and then in permissions will show this as I expected. You can serialize those symbols to string then

#  Ability.new(User.find(params[:id]).permissions
=> {:can=>{:manage=>{"dashboard"=>[]}, :read=>{"Branch"=>[:id1, :id2]}, :index=>{"Branch"=>['id1', 'id2']}, :show=>{"Branch"=>[:id1', :id2]}}, :cannot=>{}}

huangapple
  • 本文由 发表于 2023年6月29日 00:02:27
  • 转载请务必保留本文链接:https://go.coder-hub.com/76574913.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定