问题
I am beginner in Rails world, so hoping I will be able to find an answer here. The project that I am working on, has to have User Authorization with roles, for simple users and for admins. With admin privileges I want to be able reset password for simple users or to add roles for them.
I was trying to apply Devise with cancancan gems, but unfortunately, couldn't make it work and I am not sure if that is even possible. So my question is which gems would you recommend to have such behavior. Or it's simpler to start from scratch?
Thank you for your answers.
回答1:
It sounds like you would benefit from the Rolify Gem: https://github.com/RolifyCommunity/rolify. I'm pretty sure CanCan is for access control based on roles. I'm guessing you have seen this RailsCast: http://railscasts.com/episodes/192-authorization-with-cancan but it seems like the piece you are missing is Rolify. It's a great gem and extremely easy to use.
回答2:
I have used Pundit with Devise
This is the repo to the application
add the gem and bundle. run rails g pundit:install
It will generate a policies folder with application_policy.rb file. There you can define conditions to actions. Say you want to make sure the user's role is admin to see application index
def index?
user.role == "admin"
end
If you want to create a policy for a different resource say Posts. You have to create a post_policy.rb file in the policies folder
来源:https://stackoverflow.com/questions/30278939/rails-4-authentication-model-with-roles