问题
I want to add "Sharing documents" feature to my app, like in google documents service. As i see:
User can:
- can list/view/create/edit/delete own documents
- share own document to everyone - its a public document
- share own document to another user with read-only access
- share own document to another user with read-write access
- view list of own documents and users to whom he gave permission to read and write
- view list of foreign documents
- view/edit foreign document with read/write permissions
Please tell me, which permission/authorization solution is preffered for my task?
回答1:
You can look at some authorization plugins available here:
http://www.ruby-toolbox.com/categories/rails_authorization.html
As for object level authorization/permission, it looks like canable can do this:
http://github.com/jnunemaker/canable
From the example in the readme:
class Article
include MongoMapper::Document
include Canable::Ables
userstamps! # adds creator and updater
def updatable_by?(user)
creator == user
end
def destroyable_by?(user)
updatable_by?(user)
end
end
You could also define a viewable_by? method. You would still need some kind of permission fields or association on the document model, but after that you could use canable to simplify authorization in your controller/views.
来源:https://stackoverflow.com/questions/2463962/rails-object-based-permission-authorization-engine