Ruby on Rails: using devise+cancan+rolify to establish a complete authority management system

The three components of devise, cancan, and rolify combine to create a complete and powerful user rights model.

• Devise introduction, responsible for user registration, login, exit, retrieve password and other operations. Detail reference devise on GitHub
• Cancan, which is responsible for role creation, authorization of roles, displaying elements in the page based on authorization, and throwing exceptions when the model is out of authorization. Detail reference rolify on GitHub
• Rolify, which is responsible for associating users with roles. Detail reference rolify on GitHub

The following is a brief introduction of the use of these three methods, relatively shallow, deep-seated people to see their own document mining, here only to introduce the most basic use.

Operating Environment

I'm using Ruby 1.9.3-p484 rails 3.2.16 here.

Create a new project

Rails New Demo--skip-bundle #跳过bundle

Add the following Gem pack to the Gemfile

?

1234	# add a perfect user verify systemgem ‘devise‘gem ‘cancan‘gem ‘rolify‘

Then run the bundle install

Perform devise initialization

$ rails Generate Devise:install

This command produces a user guide that tells you a few things to do, here is the content translation (the one that has been removed from the Heroku deployment, adding a description of the login exit option):

1) Make sure that you have a default url,config/environments/development.rb in your environment:

Config.action_mailer.default_url_options = {: host = ' localhost:3000 '}

If in production environment,: host must be set to the real hostname of the app.

2) determine that Root_url has been defined in CONFIG/ROUTES.RB (note remove the index.html under public), for example:

root:to = "Home#index"

You can use the following command to generate a Home#index page:

Rails G Controller Home Index

3) Add a message alert in App/views/layouts/application.html.erb, for example:

<p class= "notice" ><%= notice%></p>

4) Many times you also need to increase the login, exit options:

?

1234567

<% if current_user %>      <%= link_to(‘退出‘, destroy_user_session_path, :method => :delete) %> |      <%= link_to(‘修改密码‘, edit_registration_path(:user)) %>    <% else %>      <%= link_to(‘注册‘, new_registration_path(:user)) %> |      <%= link_to(‘登录‘, new_session_path(:user)) %>    <% end %><span></span>

5) If you want to customize the Devise view model, you can then execute the following statement:

$ Rails G devise:views

Build the user model (you can use a different name instead of user) and perform a data migration

$ rails g devise user$ rake db:migrate

Increased authentication filtering in the controller to turn to the user login page when accessing the model page (this is not verified by itself)

In a model that requires authentication, such as HomeController, add the following code:

before_filter:authenticate_user!

Integrated Cancan and Rolify

Cancan provides authorization control over resources. For example, use the can method in a view to decide whether to display a page element. If the system role is very simple, then cancan also directly specify the constants in the code can support, specific operations can refer to the official documents. But to provide complex role management, the best solution, or devise based on the integration of Cancan+rolify.

1. Modify the Gemfile and run the bundle install again

Gem ' cancan ' Gem ' rolify '

2. Create the role of cancan ability and rolify

$ rails Generate cancan:ability$ rails generate rolify Role user$ rake db:migrate

3. Custom devise user registration event, you can give the user Rolify role at the time of registration, for example, the following code for the first user assigned to the Admin role:?

1234567891011

class ApplicationController < ActionController::Base     def after_sign_in_path_for(resource)       if resource.is_a?(User)         if User.count == 1           resource.add_role ‘admin‘         end         resource       end       root_path     end   end

4. Use Cancan to assign authorization resources to the roles established in rolify, such as we assign "manage" resources for all control classes to users who allow the admin role, while others assign a "read" resource:?

12345678910

class Ability     include CanCan::Ability     def initialize(user)       if user.has_role? :admin         can :manage, :all       else         can :read, :all       end     end   end

5. The above has implemented the "User-role-permissions" of the three-tier permission model, in view can be used. For example, add the following code to the Home#index page:?

123456

<% if user_signed_in? %>        <p>The user is loged in.</p>        <% if can? :manage, :Home %>          <%= link_to "About", home_about_path   %>        <% end %>    <% end %>

Finish

Ruby on Rails: using devise+cancan+rolify to establish a complete authority management system