Setting User privileges using declarative auth
I'm trying to decide on the privileges for my moderator role.
All he should be able to do is to send messages to all users subscribed to his channel and to modify the page for it. Here is what I have:
    role :moderator do
      has_permission_on [:message], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
      has_permission_on [:channel], :to => [:index, :show, :edit, :update]
    end
I would suggest first that you define some privileges like
    privileges do
      privilege :crud do
        includes :show, :index, :create, :edit, :update, :delete
      end
      privilege :read_only do
        includes :show, :index
      end
    end
Based on what you said, I would check the Authorization::Reader API more, for example to allow the admin to destroy only messages sent by him (unless he is able to destroy messages from other users, but you didn't say anything about that).
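
The ownership restriction the answer points to, modelled in plain Ruby as an added example (not code from the post and not the declarative_authorization API): it expands the answer's :crud and :read_only groups into concrete actions and denies by default. RULES, owner_only, effective and permitted? are hypothetical names, and the rule set is constructed.

```ruby
require 'set'

# Privilege groups exactly as listed in the answer above.
PRIVILEGES = {
  crud:      [:show, :index, :create, :edit, :update, :delete],
  read_only: [:show, :index]
}.freeze

# Constructed rule set: every grant is scoped to records the user owns.
# owner_only is a hypothetical flag of this model, not a gem option.
RULES = {
  moderator: [
    { context: :message, to: [:crud], owner_only: true },
    { context: :channel, to: [:read_only, :edit, :update], owner_only: true }
  ]
}.freeze

# Expand group names into the concrete actions they include;
# a name that is not a group stands for itself.
def expand(privs)
  privs.flat_map { |p| PRIVILEGES.fetch(p, [p]) }.to_set
end

# Effective actions per context for a role, for reviewing what a role can
# really do once the groups are expanded.
def effective(role)
  acc = Hash.new { |h, k| h[k] = Set.new }
  RULES.fetch(role, []).each { |rule| acc[rule[:context]] |= expand(rule[:to]) }
  acc
end

# Deny by default: allow only when a rule grants the action on this context
# and, for owner-scoped rules, the acting user owns the record.
def permitted?(role, action, context, user_id:, owner_id:)
  RULES.fetch(role, []).any? do |rule|
    rule[:context] == context &&
      expand(rule[:to]).include?(action) &&
      (!rule[:owner_only] || user_id == owner_id)
  end
end
```

Because the :crud group lists :delete, a check for :destroy or :new is denied in this model; the names inside a group have to match the action names that are actually checked.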