cancan is a Rails authorization gem that is very powerful and flexible. Permissions can be defined in code or stored in the database. Combined with the hierarchy plugin awesome_nested_set it can implement very complex user permission control.
- Installation
  Rails 2 (config/environment.rb):
    config.gem "cancan"
  Rails 3 (Gemfile):
    gem 'cancan'
- Generating the ability file
  Rails 2 has no generator; create the file yourself:
  app/models/ability.rb
    class Ability
      include CanCan::Ability
      def initialize(user)
      end
    end
  Rails 3:
    rails g cancan:ability
- Defining abilities in the ability file
  can [:manage, :read, :update, :destroy], subject   (subject is a class such as User, or an instance such as user)
  cannot ...                                         (same form, denies the ability)
  Conditions on model attributes:
    can :read, Project, :active => true, :user_id => user.id
  Conditions on nested (associated) attributes:
    can :read, Project, :category => { :visible => true }
  Conditions defined in a block:
    can :update, Project do |project|
      project.priority < 3
    end
  Overriding can itself?! (a catch-all rule whose block receives every check):
    can do |action, subject_class, subject|
      # ...
    end
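The rules above, as an added example that is neither the page's code nor the CanCan gem's: the gem is not loaded, so a small MiniAbility class (an assumption of this example) stands in for the subset of the DSL the page uses and reproduces CanCan's evaluation order (the most recently defined matching rule wins, :manage matches every action, no matching rule means deny). The Struct models and the ability_for helper are constructed for the demo.

```ruby
# Added example, not code from the page or the CanCan gem: a stand-in for just the
# subset of CanCan's Ability DSL the page uses, so the rules run without the gem.
User     = Struct.new(:id, :admin)                       # constructed sample models
Category = Struct.new(:visible)
Project  = Struct.new(:user_id, :active, :priority, :category)
class MiniAbility
  Rule = Struct.new(:allow, :actions, :subject, :conditions, :block)
  def initialize
    @rules = []
  end
  # One action or a list, a subject class (or :all), then either an attribute
  # conditions hash (nested hashes follow associations) or a block.
  def can(actions, subject, conditions = {}, &block)
    @rules << Rule.new(true, Array(actions), subject, conditions, block)
  end
  def cannot(actions, subject, conditions = {}, &block)
    @rules << Rule.new(false, Array(actions), subject, conditions, block)
  end
  # As in CanCan, the most recently defined matching rule decides and :manage
  # matches every action; with no matching rule the answer is false (deny by default).
  def can?(action, subject)
    rule = @rules.reverse.find { |r| relevant?(r, action, subject) && conditions_match?(r, subject) }
    rule ? rule.allow : false
  end
  def relevant?(rule, action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    (rule.actions.include?(:manage) || rule.actions.include?(action)) &&
      (rule.subject == :all || rule.subject == klass)
  end
  # Checking a class (can? :read, Project) skips conditions: it only says that some
  # Project could be read, so it must not be used as a per-record decision.
  def conditions_match?(rule, subject)
    return true if subject.is_a?(Class)
    return rule.block.call(subject) if rule.block
    rule.conditions.all? do |attr, expected|
      value = subject.public_send(attr)
      expected.is_a?(Hash) ? (!value.nil? && expected.all? { |k, v| value.public_send(k) == v }) : value == expected
    end
  end
end
# The page's rules for one user; the trailing cannot overrides even an admin's :manage.
def ability_for(user)
  MiniAbility.new.tap do |a|
    a.can :manage, :all if user.admin
    a.can :read, Project, active: true, user_id: user.id
    a.can :read, Project, category: { visible: true }
    a.can(:update, Project) { |project| project.priority < 3 }
    a.cannot :destroy, Project
  end
end
```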
- Using it in controllers
  There are three ways.
  First: authorize every action of a controller:
    load_and_authorize_resource :users, :photo
  accessible_by restricts a query to the records the current ability permits:
    user = User.accessible_by(current_ability).find(:first, :conditions => ["username = ?", @username])
  Second: authorize a single action:
    def show
      @article = Article.find(params[:id])
      authorize! :read, @article
    end
  Third: require authorization across the whole application:
    class ApplicationController < ActionController::Base
      check_authorization
    end
- Using it in views
    <% if can? :update, @article %>
      <%= link_to "Edit", edit_article_path(@article) %>
    <% end %>
- Other
  When a resource is accessed without permission, a CanCan::AccessDenied exception is raised; rescue it in the application controller:
    class ApplicationController < ActionController::Base
      rescue_from CanCan::AccessDenied do |exception|
        redirect_to root_url, :alert => exception.message
      end
    end
References:
cancan homepage: https://github.com/ryanb/cancan
awesome_nested_set home page: https://github.com/collectiveidea/awesome_nested_set
devise, cancan and bootstrap integration for Rails 3.2: https://github.com/RailsApps/rails3-bootstrap-devise-cancan