Permissions stored in the database


Bishma Stornelli

Aug 14, 2012, 7:33:38 PM
to declarative_...@googlegroups.com
Hello,

I'm designing a system that needs the admin to be able to change permissions of roles. Roles and permissions are static but the permissions assigned to a role can vary.

I was planning to make a table like this:

| name | operation | context | context_attribute | user_attribute | compare_by |
|---|---|---|---|---|---|
| Create projects | create | project | | | |
| Read all projects | read | project | | | |
| Update all projects | update | project | | | |
| Delete all projects | delete | project | | | |
| Update managed projects | update | project | managers | user | contains |
| Delete managed projects | delete | project | managers | user | contains |
| Update leaded projects | update | project | leaders | user | contains |
| Delete leaded projects | delete | project | leaders | user | contains |
| Create activity in any project | create | activity | | | |
| Read activities in any project | read | activity | | | |
| Update activities in any project | update | activity | | | |
| Delete activities in any project | delete | activity | | | |
| Create activity in managed projects | create | activity | project | user.managing_projects | is_in |
| Update activity in managed project | update | activity | project | user.managing_projects | is_in |
| Delete activity in managed projects | delete | activity | project | user.managing_projects | is_in |
| Create activity in leaded projects | create | activity | project | user.leading_projects | is_in |
| Update activity in leading projects | update | activity | project | user.leading_projects | is_in |
| Delete activities in leading projects | delete | activity | project | user.leading_projects | is_in |
| Update assigned activities | update | activity | assigned | user | contains |
| Delete assigned activities | delete | activity | assigned | user | contains |

And then in the authorization rules file do this:

Role.find_each do |r|
  role r.name.to_sym do
    r.permissions.each do |p|
      has_permission_on p.context.to_sym, to: p.operation.to_sym do
        if p.context_attribute
          if_attribute p.context_attribute => [p.compare_by.to_sym, eval(p.user_attribute)]
        end
      end
    end
  end
end

Is this possible?

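An added example, not part of the original post and not declarative_authorization code: `eval(p.user_attribute)` in the snippet above executes whatever string is stored in the permissions table, so this stand-alone sketch resolves `user_attribute`, `compare_by` and `context_attribute` through fixed allowlists instead. The Struct models, `permitted?`, `InvalidPermission` and the sample rows are assumptions made for illustration.

```ruby
# Added example: stand-alone sketch, not declarative_authorization's API.
# Structs stand in for the ActiveRecord models; rows mirror the table's columns.
Permission = Struct.new(:operation, :context, :context_attribute, :user_attribute, :compare_by)
User       = Struct.new(:name, :managing_projects)
Project    = Struct.new(:title, :managers)
Activity   = Struct.new(:title, :project, :assigned)

# Allowlists: the only names a database row may reference. Nothing is eval'd.
USER_PATHS = {
  'user'                   => ->(u) { u },
  'user.managing_projects' => ->(u) { u.managing_projects }
}.freeze
COMPARATORS = {
  'contains' => ->(object_value, user_value) { object_value.include?(user_value) },
  'is_in'    => ->(object_value, user_value) { user_value.include?(object_value) }
}.freeze
OBJECT_ATTRIBUTES = { 'project' => %w[managers], 'activity' => %w[project assigned] }.freeze

class InvalidPermission < StandardError; end

# True when row `perm` grants `operation` on `object` (of kind `context`) to `user`.
def permitted?(perm, user, operation, context, object)
  return false unless perm.operation == operation && perm.context == context
  return true if perm.context_attribute.nil? # unconditional row, e.g. "Read all projects"

  unless OBJECT_ATTRIBUTES.fetch(context, []).include?(perm.context_attribute)
    raise InvalidPermission, "object attribute not allowed: #{perm.context_attribute.inspect}"
  end
  user_value = USER_PATHS.fetch(perm.user_attribute) do
    raise InvalidPermission, "user attribute not allowed: #{perm.user_attribute.inspect}"
  end.call(user)
  compare = COMPARATORS.fetch(perm.compare_by) do
    raise InvalidPermission, "comparator not allowed: #{perm.compare_by.inspect}"
  end
  compare.call(object.public_send(perm.context_attribute), user_value)
end

# Constructed sample data (not from the post).
ALICE = User.new('alice', [])
BOB   = User.new('bob', [])
SITE  = Project.new('site', [ALICE]) # alice manages "site"
UPDATE_MANAGED = Permission.new('update', 'project', 'managers', 'user', 'contains')
# A row whose user_attribute holds Ruby code: rejected here, executed by eval.
TAMPERED = Permission.new('update', 'project', 'managers', 'User.delete_all', 'contains')
```

Validating rows against the same allowlists when the admin saves them keeps a bad row from ever reaching rule evaluation.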