不同场景授权方法的代码示例


在本集中,我们将按照从最简单到较复杂的顺序,介绍不同场景下的授权(authorization)实现方法。

# Terminal
# Generates the migration below. The generator only emits `add_column :users, :role, :integer`;
# the `default: 0, limit: 1` options shown in the migration are added by hand afterwards.
rails g migration add_role_to_users role:integer
# AddRoleToUsers Migration
# Adds the integer `role` column backing the `enum role:` in User.
# `default: 0` makes every new user a :normal user unless an admin
# explicitly assigns a role; `limit: 1` keeps the column a 1-byte integer.
class AddRoleToUsers < ActiveRecord::Migration[7.0]
  def change
    add_column :users, :role, :integer, limit: 1, default: 0
  end
end
# models/user.rb
  # Backed by the integer `role` column added in AddRoleToUsers (default 0 => :normal).
  # Provides the `admin?` predicate used by UsersController#user_params. The numeric
  # values are the stored data: never renumber them, or existing rows silently
  # change meaning.
  enum role: {
    normal: 0,
    admin: 1
  }
# users_controller.rb
# Strong-parameter whitelist for user create/update.
#
# Only a signed-in admin may mass-assign :role; everyone else is limited to
# :email and :name, so a plain user cannot escalate privileges by posting
# `user[role]=admin`. This guards mass assignment only — the controller
# action itself still needs its own authorization check (who may edit
# which user record).
#
# Returns the permitted ActionController::Parameters; raises
# ActionController::ParameterMissing when no `user` key was sent.
def user_params
  permitted = %i[email name]
  permitted += [:role] if user_signed_in? && current_user.admin?
  params.require(:user).permit(permitted)
end
# Usage

# Terminal
# `name` and `reference` get the generator's default type (string); `access` is an
# integer backing the `enum access:` in Role. The `limit: 1, default: 0` options in the
# migration below are added by hand after generating.
rails g model role name reference access:integer
# Join table between users and roles (foreign keys + indexes for both sides).
rails g model user_role user:belongs_to role:belongs_to
# CreateRoles Migration
# Creates the `roles` table backing the Role model.
# `access` is a 1-byte integer whose meaning comes from `enum access:` in
# Role; `default: 0` means a role created without an explicit access level
# is :viewable.
class CreateRoles < ActiveRecord::Migration[7.0]
  def change
    create_table :roles do |t|
      t.string :name, :reference
      t.integer :access, default: 0, limit: 1
      t.timestamps
    end
  end
end
# db/seeds.rb
admin = User.create(email: "
# models/role.rb
# A named permission level assigned to users through UserRole.
# `access` is persisted as a small integer (see CreateRoles); the numeric
# values below are stored data, so never renumber them. Note that
# :no_access is the highest value (3), so "larger number = more access"
# does NOT hold — compare by enum name, not by integer.
class Role < ApplicationRecord
  enum access: {
    viewable: 0,
    createable: 1,
    editable: 2,
    no_access: 3
  }

  # Deleting a role also deletes every user assignment pointing at it.
  has_many :user_roles, dependent: :destroy
end
# models/user_role.rb
# Join row linking one User to one Role. Both associations are required
# unless the app disables `belongs_to_required_by_default`.
class UserRole < ApplicationRecord
  belongs_to :role
  belongs_to :user
end
# models/user.rb
class User < ApplicationRecord

# Rails Console
# Presumably `user` is a User and `post` a Post record. Both checks accept
# either an instance or the model class; the User#can_edit?/#can_create?
# implementations are not shown on this page.
user.can_edit?(post)
user.can_create?(post)
user.can_edit?(Post)
user.can_create?(Post)
# helpers/application_helper.rb
# View-side authorization predicates that delegate to User#can_edit? and
# User#can_create? for the current visitor, answering false when nobody is
# signed in. These only decide what the template renders — hiding a link is
# not authorization; the matching controller actions must enforce the same
# checks server-side.
module ApplicationHelper
  # True when a signed-in user may edit +resource+ (a record or a model class).
  def can_edit?(resource)
    user_signed_in? ? current_user.can_edit?(resource) : false
  end

  # True when a signed-in user may create +resource+.
  def can_create?(resource)
    user_signed_in? ? current_user.can_create?(resource) : false
  end
end
# views/posts/index.html.erb
<%# Renders the Edit link only when the helper allows it. This is UI only: the edit/update actions in PostsController must re-check the same authorization server-side, since a user can request the URL directly. %>
<%= link_to "Edit", edit_post_path(post) if can_edit?(post) %>