How to use RBAC (or access control) on Google App Engine?
Has anyone used some RBAC (or other access control) in a GWT based project deployed in App Engine?
Or actually, how to manage GWT-RPC calls to be role based? Or is it easier to only "send the code" to client browser based on user's login credentials?
Ideas, libraries, all is welcome!
Thank you
You could add a roles property to your user class:
    from google.appengine.ext import db

    class MyUser(db.Model):
        # Keys of the Role entities this user holds
        roles = db.ListProperty(db.Key)

    class Role(db.Model):
        ...
Then, when you want to know whether a user can do something, do something like this:
    if required_role in current_user.roles:
        do_the_thing()
    else:
        warn_sternly()
What you need to model is who is in what roles. This is a many-to-many relationship (at least, in most applications). This is one way to implement such a relationship, but there are other ways, which may be more appropriate to your situation. Here's a page that has some advice on relationship modeling in App Engine: https://developers.google.com/appengine/articles/modeling
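One way to apply the membership check from the answer above to every server-side call, as an added example that is not part of the original answer: a decorator that tests `required_role in current_user.roles` before the handler body runs and denies by default. Plain Python classes stand in for the datastore models so it runs offline; `require_role`, `AccessDenied`, `attempt`, `DENIALS`, the role keys and the two handlers are hypothetical names.

```python
import functools

ADMIN, EDITOR = "role:admin", "role:editor"  # constructed role keys
DENIALS = []  # (user name, handler name) for every refused call

class AccessDenied(Exception):
    """The caller does not hold the role the handler requires."""

class MyUser(object):
    """Offline stand-in for the datastore model; roles is a list of role keys."""
    def __init__(self, name, roles=()):
        self.name = name
        self.roles = list(roles)

def require_role(required_role):
    """Run the wrapped server-side handler only if the caller holds required_role."""
    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(current_user, *args, **kwargs):
            # Deny by default: no user, or no matching role, means no call.
            roles = current_user.roles if current_user is not None else []
            if required_role not in roles:
                who = current_user.name if current_user is not None else "<anonymous>"
                DENIALS.append((who, handler.__name__))
                raise AccessDenied("%s may not call %s" % (who, handler.__name__))
            return handler(current_user, *args, **kwargs)
        return wrapper
    return decorator

@require_role(ADMIN)
def delete_account(current_user, account_id):
    return "deleted %s" % account_id

@require_role(EDITOR)
def edit_page(current_user, page):
    return "edited %s" % page

def attempt(handler, user, *args):
    """Call a handler the way a dispatcher would, mapping refusals to 'denied'."""
    try:
        return handler(user, *args)
    except AccessDenied:
        return "denied"

if __name__ == "__main__":
    alice = MyUser("alice", [ADMIN, EDITOR])
    bob = MyUser("bob", [EDITOR])
    for user in (alice, bob, None):
        print(attempt(delete_account, user, 42), attempt(edit_page, user, "home"))
```

Because the check runs on the server, it holds regardless of which code the browser received.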