Six - Ruby 授权库使用指南

2024-12-26 00:31:03作者：庞队千Virginia

Six 是一个简单的 Ruby 授权库，适用于 Rails 应用程序或其他任何框架。它基于纯 Ruby 实现，提供了灵活的授权机制。本文将详细介绍如何安装、使用 Six，并解释其 API 的使用方法。

1. 安装指南

Six 可以通过 RubyGems 进行安装。在终端中执行以下命令即可安装 Six：

gem install six

2. 项目的使用说明

快速开始

使用 Six 进行授权管理只需四个步骤：

创建 abilities 对象
```
abilities = Six.new
```

创建包含 allowed 方法的对象或类

在这个对象或类中，你可以定义授权规则：

class BookRules
  def self.allowed(author, book)
    [:read_book, :edit_book]
  end
end

将规则对象添加到 abilities 中
```
abilities << BookRules # true
```
检查授权

现在你可以检查用户是否具有某项权限：
```
abilities.allowed?(@user, :read_book, @book) # true
```

在 Rails 中使用

在 Rails 中，你可以将 Six 集成到控制器和视图中：

# application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery

  helper_method :abilities, :can?

  protected 

  def abilities
    @abilities ||= Six.new
  end

  def can?(object, action, subject)
    abilities.allowed?(object, action, subject)
  end
end

# books_controller.rb
class BooksController < ApplicationController
  before_action :add_abilities
  before_action :load_author

  def show
    @book = Book.find(params[:id])
    head(404) and return unless can?(:guest, :read_book, @book)
  end

  def edit
    @book = Book.find(params[:id])
    head(404) and return unless can?(@author, :edit_book, @book)
  end

  protected

  def add_abilities
    abilities << Book
  end

  def load_author
    @author = Author.find_by_id(params[:author_id])
  end
end

# Model
class Book < ActiveRecord::Base
  belongs_to :author

  def self.allowed(object, subject)
    rules = []
    return rules unless subject.instance_of?(Book)
    rules << :read_book if subject.public?
    rules << :edit_book if object && object.id == subject.author_id
    rules
  end
end

# View
link_to 'Edit', edit_book_path(book) if can?(@author, :edit_book, @book)

Ruby 使用示例

class BookRules
  def self.allowed(author, book)
    rules = []
    return rules unless book.instance_of?(Book)

    rules << :read_book if book.published? 
    rules << :edit_book if book.author?(author)

    if book.author?(author) && book.is_approved?
      rules << :publish_book 
    end

    rules
  end
end

abilities = Six.new
abilities << BookRules

abilities.allowed? guest, :read_book, unpublished_book # false
abilities.allowed? guest, :read_book, published_book # true
abilities.allowed? guest, :edit_book, book # false
abilities.allowed? author, :edit_book, book # true
abilities.allowed? guest, :remove_book, book # false

3. 项目 API 使用文档

初始化

# 简单初始化
abilities = Six.new

# 带规则初始化
abilities = Six.new(:book_rules => BookRules)

# 多规则初始化
abilities = Six.new(:book => BookRules, :auth => AuthRules, :managment => ManagerRules)

添加规则

abilities = Six.new

# 简单添加
abilities << BookRules

# 高级添加（带命名空间）
abilities.add(:book_rules, BookRules)

检查权限

abilities = Six.new
abilities << BookRules

abilities.allowed? @guest, :read_book, @book # true
abilities.allowed? @guest, :edit_book, @book # false
abilities.allowed? @guest, [:read_book, :edit_book], @book # false

使用特定规则集

abilities.add(:book_rules, BookRules)
abilities.add(:car_rules, CarRules)

abilities.use(:book_rules)
abilities.allowed? ... # 仅使用 BookRules 中的规则

命名空间

class BookRules
  def self.allowed(author, book)
    [:read_book, :edit_book, :publish_book] 
  end
end

class CarRules
  def self.allowed(driver, car)
    [:drive, :sell] 
  end
end

abilities = Six.new
abilities.add(:book, BookRules)
abilities.add(:car, CarRules)

abilities.use(:book)
abilities.allowed? :anyone, :read_book, book # true
abilities.allowed? :anyone, :drive, car # false

abilities.reset_use
abilities.allowed? :anyone, :drive, :any     # true
abilities.allowed? :anyone, :read_book, :any # true