问题
Has anyone used some RBAC (or other access control) in a GWT based project deployed in App Engine?
Or actually how to manage GWT-RPC calls to by role based?
Or is it easier to only "send the code" to client browser based on user's login credentials?
Ideas, libraries, all is welcome!
Thank you
回答1:
You could add a roles property to your user class:
class MyUser(db.Model):
roles = db.ListProperty(db.Key)
class Role(db.Model):
...
Then, when you want to know whether a user can do something, do something like this:
if required_role in current_user.roles:
do_the_thing()
else:
warn_sternly()
What you need to model is who is in what roles. This is a many-to-many relationship (at least, in most applications). This is one way to implement such a relationship, but there are other ways, which may be more appropriate to your situation. Here's a page that has some advice on relationship modeling in App Engine: https://developers.google.com/appengine/articles/modeling
来源:https://stackoverflow.com/questions/5641412/how-to-use-rbac-or-access-control-on-google-app-engine