Devise, CanCan, and rolify combine to form a complete and powerful user permission model.
- Devise, which is responsible for user registration, login, logout, password recovery and other operations. For details, see devise on GitHub
- CanCan, which is responsible for role creation, authorizing roles, showing page elements based on authorization, and raising exceptions when an action falls outside what is authorized. For details, see rolify on GitHub
- Rolify, which is responsible for associating users with roles. For details, see rolify on GitHub
The following is a brief introduction to using these three. It is fairly shallow and covers only the most basic usage; readers who want more depth should dig into each project's own documentation.
Operating Environment
I'm using Ruby 1.9.3-p484 and Rails 3.2.16 here.
Create a new project
$ rails new demo --skip-bundle # skip bundle
Add the following gems to the Gemfile
# add a perfect user verify system
gem 'devise'
gem 'cancan'
gem 'rolify'
Then run bundle install
Perform the Devise initialization
$ rails generate devise:install
This command prints a set of instructions listing a few things you need to do. Here is a translation of them (the Heroku deployment item has been removed, and a note on login/logout links has been added):
1) Make sure you have a default URL defined in your environment file, config/environments/development.rb:
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
In the production environment, :host must be set to the real hostname of the app.
2) Make sure root_url is defined in config/routes.rb (remember to remove index.html under public), for example:
root :to => "home#index"
You can use the following command to generate a home#index page:
$ rails g controller home index
3) Add a flash message to app/views/layouts/application.html.erb, for example:
<p class="notice"><%= notice %></p>
4) You will often also need to add login and logout links:
<%# Labels: 退出 = log out, 修改密码 = change password, 注册 = sign up, 登录 = log in %>
<% if current_user %>
  <%= link_to('退出', destroy_user_session_path, :method => :delete) %> |
  <%= link_to('修改密码', edit_registration_path(:user)) %>
<% else %>
  <%= link_to('注册', new_registration_path(:user)) %> |
  <%= link_to('登录', new_session_path(:user)) %>
<% end %>
5) If you want to customize the Devise views, run the following command:
$ rails g devise:views
Generate the User model (you can use a different name instead of user) and run the data migration
$ rails g devise user
$ rake db:migrate
Add an authentication filter to the controller so that users are redirected to the login page when they access its pages (I have not verified this myself)
In a controller that requires authentication, such as HomeController, add the following code:
before_filter :authenticate_user!
Integrating CanCan and Rolify
CanCan provides authorization control over resources. For example, use the can? method in a view to decide whether to display a page element. If the system's roles are very simple, CanCan alone can support them by specifying constants directly in the code; see the official documentation for the specifics. But for complex role management, the best solution is still Devise integrated with CanCan + rolify.
1. Modify the Gemfile and run bundle install again
gem 'cancan'
gem 'rolify'
2. Create the CanCan Ability class and the rolify Role
$ rails generate cancan:ability
$ rails generate rolify Role User
$ rake db:migrate
3. Customize the Devise user registration event so that you can give the user a rolify role at registration time. For example, the following code assigns the admin role to the first user:
class ApplicationController < ActionController::Base
  # Devise calls this after a successful sign-in to decide where to redirect.
  def after_sign_in_path_for(resource)
    if resource.is_a?(User)
      # Only one user exists, so the user signing in is the first one: make them admin.
      if User.count == 1
        resource.add_role 'admin'
      end
      resource
    end
    # Everyone is redirected to the root page.
    root_path
  end
end
4. Use CanCan to grant permissions to the roles created with rolify. For example, we grant "manage" on all resources to users who have the admin role, while everyone else gets "read":
class Ability
  include CanCan::Ability
  def initialize(user)
    # Guest user (not signed in): without this, a nil user raises NoMethodError.
    user ||= User.new
    if user.has_role? :admin
      can :manage, :all
    else
      can :read, :all
    end
  end
end
5. The above implements the three-tier "user-role-permission" model, which can now be used in views. For example, add the following code to the Home#index page:
<% if user_signed_in? %>
  <p>The user is logged in.</p>
  <%# The link is shown only to users who may manage Home, i.e. admins %>
  <% if can? :manage, :Home %>
    <%= link_to "About", home_about_path %>
  <% end %>
<% end %>
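The role-to-permission mapping from steps 4 and 5, as an added example that is not part of the original article and does not load the gems. MiniAbility, DemoUser, DemoAbility and permission_matrix are hypothetical stand-ins that model only CanCan's :manage and :all wildcards and rolify's has_role?/add_role, so the rules can be checked outside Rails for an admin, a regular user and a guest.

```ruby
# Stand-in for CanCan::Ability (assumption: models only the wildcard
# behaviour of :manage and :all, nothing else from the gem).
module MiniAbility
  def can(action, subject)
    rules << [action, subject]
  end

  def can?(action, subject)
    rules.any? do |a, s|
      (a == :manage || a == action) && (s == :all || s == subject)
    end
  end

  def rules
    @rules ||= []
  end
end

# Stand-in for a rolify-enabled User (hypothetical; constructed sample data).
class DemoUser
  def initialize(*roles)
    @roles = roles.map(&:to_sym)
  end

  def add_role(name)
    @roles << name.to_sym
  end

  def has_role?(name)
    @roles.include?(name.to_sym)
  end
end

# Same rules as the Ability in step 4, with a guest fallback for nil users.
class DemoAbility
  include MiniAbility

  def initialize(user)
    user ||= DemoUser.new # guest: not signed in, no roles
    user.has_role?(:admin) ? can(:manage, :all) : can(:read, :all)
  end
end

# Permission matrix for one subject: { action => allowed? }
def permission_matrix(user, subject = :Home)
  ability = DemoAbility.new(user)
  [:read, :update, :destroy, :manage].each_with_object({}) do |action, row|
    row[action] = ability.can?(action, subject)
  end
end
```

Only the admin row allows :manage, which is why the About link in step 5 is hidden from everyone else, while guests and regular users still get :read on every subject.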
Finish
Ruby on Rails: using devise+cancan+rolify to establish a complete authority management system