Screencast: Declarative Authorization

Benutzer-Authorisierung wird in vielen, wenn nicht sogar in den meisten, Applikationen benötigt. Wie dies umgesetzt werden kann zeigt Ryan in seinem dieswöchigen Screencast.

Dowload:
Download (36.4 MB, 15:27)
Alternative download für iPod & Apple TV (21.6 MB, 15:27)


Resourcen:

Quellcode:

[bash]
sudo rake gems:install
[/bash]

[ruby]
# config/environment.rb
config.gem "declarative_authorization", :source => "http://gemcutter.org"

# config/authorization_rules.rb
authorization do
role :admin do
has_permission_on [:articles, :comments], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
end

role :guest do
has_permission_on :articles, :to => [:index, :show]
has_permission_on :comments, :to => [:new, :create]
has_permission_on :comments, :to => [:edit, :update] do
if_attribute :user => is { user }
end
end

role :moderator do
includes :guest
has_permission_on :comments, :to => [:edit, :update]
end

role :author do
includes :guest
has_permission_on :articles, :to => [:new, :create]
has_permission_on :articles, :to => [:edit, :update] do
if_attribute :user => is { user }
end
end
end

# application_controller.rb
before_filter { |c| Authorization.current_user = c.current_user }

protected

def permission_denied
flash[:error] = "Sorry, you are not allowed to access that page."
redirect_to root_url
end

# articles_controller.rb
filter_resource_access
[/ruby]

[html]
<!– articles/show.html.erb –>
<p>
<% if permitted_to? :edit, @article %>
<%= link_to "Edit", edit_article_path(@article) %> |
<% end %>
<% if permitted_to? :destroy, @article %>
<%= link_to "Destroy", @article, :method => :delete, :confirm => "Are you sure?" %> |
<% end %>
<%= link_to "Back to Articles", articles_path %>
</p>

<p>
<% if permitted_to? :edit, comment %>
<%= link_to "Edit", edit_comment_path(comment) %>
<% end %>
<% if permitted_to? :destroy, comment %>
| <%= link_to "Destroy", comment, :method => :delete, :confirm => "Are you sure?" %>
<% end %>
</p>

<!– articles/index.html.erb –>
<% if permitted_to? :create, Article.new %>
<p><%= link_to "New Article", new_article_path %></p>
<% end %>
[/html]

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.