如何在Google App Engine上使用RBAC(或访问控制)?
有人在部署于以下位置的基于GWT的项目中使用了 RBAC (或其他访问控制)是App Engine吗?
还是实际上如何通过基于角色的方式管理对GWT-RPC的调用?
Has anyone used some RBAC (or other access control) in a GWT based project deployed in App Engine?
Or actually how to manage GWT-RPC calls to by role based?
还是仅发送代码会更容易
Or is it easier to only "send the code" to client browser based on user's login credentials?
想法,库,欢迎使用!
谢谢
您可以在用户类中添加一个Roles属性:
You could add a roles property to your user class:
class MyUser(db.Model):
roles = db.ListProperty(db.Key)
class Role(db.Model):
...
然后,当您想知道用户是否可以执行某项操作时,请执行以下操作这个:
Then, when you want to know whether a user can do something, do something like this:
if required_role in current_user.roles:
do_the_thing()
else:
warn_sternly()
您需要建模的角色是谁。这是一个多对多的关系(至少在大多数应用程序中)。这是实现这种关系的一种方法,但还有其他方法可能更适合您的情况。以下是有关App Engine中关系建模的一些建议的页面: https://developers.google.com / appengine / articles / modeling
What you need to model is who is in what roles. This is a many-to-many relationship (at least, in most applications). This is one way to implement such a relationship, but there are other ways, which may be more appropriate to your situation. Here's a page that has some advice on relationship modeling in App Engine: https://developers.google.com/appengine/articles/modeling