Rails 5，Rolify -角色分配策略

Question

我不太擅长学习如何编码。我已经尝试了4年，还在努力找出基本的概念。

我还没有找到正确的起点，所以，我一直在填补可能是基础的东西，但我还不知道它们。

我有一个Rails 5应用程序。它有用户模型、角色模型、app_roles模型和assign_roles模型。

这些协会是：

用户

rolify strict: true # strict means you get true only on a role that you manually add
  attr_accessor :current_role
belongs_to :organisation

角色

has_and_belongs_to_many :users, :join_table => :users_roles

  belongs_to :resource,
             :polymorphic => true,
             :optional => true

AppRole

注意:这是我用来使用CRUD来定义应用程序可以用来给用户分配角色的角色的资源。

赋值角色

注意:这是我用来允许一些用户为其他用户分配角色的资源。

组织

has_many :users

我用的是玫瑰色宝石。

我的用户模型有：

class User < ApplicationRecord
  rolify strict: true # strict means you get true only on a role that you manually add
  attr_accessor :current_role

“我的角色”表有：

class Role < ApplicationRecord
  has_and_belongs_to_many :users, :join_table => :users_roles

  belongs_to :resource,
             :polymorphic => true,
             :optional => true

  validates :resource_type,
            :inclusion => { :in => Rolify.resource_types },
            :allow_nil => true

  scopify
end

在我的assign_roles控制器中，我有：

  class Users::AssignRolesController < ApplicationController

  before_action :authenticate_user!

  def index
    # if @current_user.is_admin?
      @app_roles = AppRole.all
    # else
    #   @app_roles = AppRole.where(category: relevant_category)
    # end

    # if @current_user.is_admin?
        @users = User.all
   #  else 
      #   @users = current_user.organisation.users.select { |u| u.id != current_user.organisation.owner_id }
    # end  
  end


  def create
    user = User.find(params[:users])
    role = AppRole.find(params[:roles])
    # organisation = Organisation.first
    # @organisation = Organisation.find(@current_user.organisation)
     # byebug

    user.add_role role.display_name, @current_user.organisation

    flash[:notice] = "Successfully created"
    redirect_to action: :index
  end

  def show
    # @users = User.joins(:profiles).where('profiles.organisation_id = ?' @current_user.organisation.id)
    # @users = User.all
    @current_user.organisation.users
  end

  def update
  end

  def destroy

    user = User.find(params[:users])
    # role = AppRole.find(params[:roles])
    assigned_role = user.roles
    # user_roles = user.roles
    # organisation = Organisation.first
    # byebug

    user.remove_role assigned_role.name, @current_user.organisation

    flash[:notice] = "Successfully created"
    redirect_to action: :index
  end

end

在我的路线档案里，我有：

resources :users, shallow: true do
    scope module: :users do
      resources :assign_roles
      resources :identities
    end
  end 

在我的视图/用户/赋值_角色/索引文件中，我有：

<%= form_tag(url: '/assign_roles', method: :post ) do |f| %>
    <div class="row" style="margin-top:50px; margin-bottom: 150px">
    <div class="col-md-3 col-md-offset-1">
       <%= select_tag "users", options_from_collection_for_select(@users, "id", "full_name"), { class: "chosen-select form-control" } %>
    </div>

                        <!-- # roles -->

    <div class="col-md-3 col-md-offset-1">
        <%= select_tag "roles", options_from_collection_for_select(@app_roles, "id", "display_name"), :class => 'chosen-select form-control' %>
    </div>

    <div class="col-md-3 col-md-offset-1">
        <div class="form-actions">
            <%= submit_tag(value = "Submit") %>
        </div>
    </div>
</div>
<% end %>

到目前为止，一切看起来都还好。我被困在下一部分了。

在我的视图/用户/赋值_角色/show.html.er中

我试图在视图中显示每个用户的角色。我希望分配任何现有角色的用户能够删除它们。

我有：

<% @users.each do |user| %>

      <td><%= user.roles.count %></td>
       <% user.roles.each do |role| %>
           <td><%= role.name.titleize %></td>
            <td><%= link_to 'Destroy', role, method: :delete, data: { confirm: 'Are you sure?' } %></td>
         <% end %>
    <% end %>

我的assign_roles控制器保存在应用程序/控制器/用户文件夹中。我的用于分配角色的视图文件夹保存在app/view/user/_ roles中

当我尝试使用app/user/4/ AppRoles表单时，我将使用可分配的AppRoles列表来呈现表单。我没有收到任何错误信息。相反，我得到了关于成功创作的通知。然而，当我试图检查一个用户是否有一个角色时，我会出错。

我可以看到服务器日志如下所示：

Started POST "/users/4/assign_roles?method=post&url=%2Fassign_roles" for ::1 at 2016-10-23 11:50:11 +1100
Processing by Users::AssignRolesController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"U80gMQd01SaTcHHnnSFxvRc2u9JvJMFB+5smS9SaN8ZRixQvJRTMbutG0KkoqXL+oMU1aOxX8AURBtuy2Rm5yA==", "users"=>"4", "roles"=>"3", "commit"=>"Submit", "method"=>"post", "url"=>"/assign_roles", "user_id"=>"4"}
  User Load (0.8ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 4], ["LIMIT", 1]]
  User Load (0.5ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2  [["id", 4], ["LIMIT", 1]]
  AppRole Load (0.2ms)  SELECT  "app_roles".* FROM "app_roles" WHERE "app_roles"."id" = $1 LIMIT $2  [["id", 3], ["LIMIT", 1]]
  Organisation Load (0.4ms)  SELECT  "organisations".* FROM "organisations" ORDER BY "organisations"."id" ASC LIMIT $1  [["LIMIT", 1]]
  Role Load (1.1ms)  SELECT  "roles".* FROM "roles" WHERE "roles"."name" = $1 AND "roles"."resource_type" = $2 AND "roles"."resource_id" = $3 ORDER BY "roles"."id" ASC LIMIT $4  [["name", "sdfddd"], ["resource_type", "Organisation"], ["resource_id", 1], ["LIMIT", 1]]
   (0.2ms)  BEGIN
   (0.1ms)  ROLLBACK
  HABTM_Roles Load (0.4ms)  SELECT "users_roles".* FROM "users_roles" WHERE "users_roles"."user_id" = $1  [["user_id", 4]]
  Role Load (0.3ms)  SELECT  "roles".* FROM "roles" WHERE "roles"."id" = $1 LIMIT $2  [["id", 1], ["LIMIT", 1]]
   (0.5ms)  SELECT "roles".id FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1  [["user_id", 4]]
  Role Load (0.3ms)  SELECT "roles".* FROM "roles" WHERE "roles"."id" = 1
  Role Load (0.4ms)  SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = $1  [["user_id", 4]]
Redirected to http://localhost:3000/users/4/assign_roles
Completed 302 Found in 33ms (ActiveRecord: 6.5ms)

我不知道回滚行是什么意思，但我不认为当事情正常工作时，这些日志消息中通常会出现回滚行。

有人能看到我需要做些什么才能让角色分配正常工作吗？

组织模式

class Organisation < ApplicationRecord

  include LogoUploader[:logo]
  include BannerUploader[:banner]


  # --------------- associations

  has_many :users

  # --------------- scopes




  # --------------- validations


  # --------------- class methods

  enum org_type: {
                    University: 1,
                    Publicly_Funded_Research_Organisation: 2,
                    Industry: 3,
                    Grantor: 4,
                    Investor: 5,
                    Policy: 6,

                  }



  # --------------- callbacks

  # --------------- instance methods

  # --------------- private methods



end

Answer 1

与开发我们自己的RBAC (基于角色的访问控制)不同，rails社区已经有了一些开源的gems。我们可以利用它。

这是一颗漂亮的宝石

https://github.com/nathanl/authority

此外，还有许多其他可用的宝石。

authorization

如果上述任何一个宝石都不能满足您的需要，那么至少您可以使用它作为开发的示例模型。