rails 权限管理

这篇帖子 http://www.iteye.com/topic/177508

RoleRequirement 这个插件，因为他支持eval一些自定义方法来进行细粒度的判断

Ruby代码 复制代码

   1. class Admin::Listings < ApplicationController  
   2.   require_role "contractor"  
   3.   require_role "admin", :for => :destroy # don't allow contractors to destroy  
   4.   
   5.   # leverage ruby to prevent contractors from updating listings they don't have access to.  
   6.   require_role "admin", :for => :update, <strong>:unless => "current_user.authorized_for_listing?(params[:id]) "</strong>  ...  
   7. end  
   8. "  

class Admin::Listings < ApplicationController
  require_role "contractor"
  require_role "admin", :for => :destroy # don't allow contractors to destroy

  # leverage ruby to prevent contractors from updating listings they don't have access to.
  require_role "admin", :for => :update, :unless => "current_user.authorized_for_listing?(params[:id]) "  ...
end
"

经过修改，扩展出这种形式的调用：
@user.can_{action}_{controller}?
@user.can_{action}_{controller}?(@target)

以便在View能做更细致的布局