Rails: 在 CanCan 访问被拒绝之前询问用户身份验证
Rails: Ask user authentication before CanCan access denied
我想显示登录表单而不是 cancan access denied flash 消息。这是我的控制器
#app/controllers/oferts_controller.rb
class OfertsController < ApplicationController
before_action :set_ofert, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource :only => [:new, :edit, :destroy]
before_filter :authenticate_user!, :except => [:show, :index]
# GET /oferts
# GET /oferts.json
def index
@oferts = Ofert.areactive
end
# GET /oferts/1
# GET /oferts/1.json
def show
end
# GET /oferts/new
def new
@ofert = current_user.oferts.new
@ofert.purchasing_group = PurchasingGroup.new
end
# GET /oferts/1/edit
def edit
end
# POST /oferts
# POST /oferts.json
def create
....
end
# PATCH/PUT /oferts/1
# PATCH/PUT /oferts/1.json
def update
....
end
# DELETE /oferts/1
# DELETE /oferts/1.json
def destroy
...
end
private
# Use callbacks to share common setup or constraints between actions.
def set_ofert
@ofert = Ofert.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def ofert_params
params.require(:ofert).permit(:title, :short_title, :description, :price, :normal_price, :ends_at, :ends_at_date, :ends_at_time)
end
end
出于某种原因,当我尝试访问需要登录的操作时,例如 "create",我只从 CanCan 收到访问被拒绝的消息,但我没有按应有的方式重定向到登录页面,因为我有 :authenticate_user! before_filter 在控制器中。
如何优先设计重定向到登录页面而不是 cancan 访问被拒绝的闪现消息?
谢谢
更新:
这是我的 Gemfile
source 'https://rubygems.org'
# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '4.1.9'
# Use mysql as the database for Active Record
gem 'mysql2'
# Use SCSS for stylesheets
gem 'sass-rails', '~> 5.0.0'
# Use Uglifier as compressor for JavaScript assets
gem 'uglifier', '>= 1.3.0'
# Use CoffeeScript for .js.coffee assets and views
gem 'coffee-rails', '~> 4.0.0'
# See https://github.com/sstephenson/execjs#readme for more supported runtimes
# gem 'therubyracer', platforms: :ruby
# Use jquery as the JavaScript library
gem 'jquery-rails'
# Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
gem 'turbolinks'
# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
gem 'jbuilder', '~> 2.0'
# bundle exec rake doc:rails generates the API under doc/api.
gem 'sdoc', '~> 0.4.0', group: :doc
gem 'money-rails', '~> 1.2.0'
gem 'money', '~> 6.5.0'
# Use ActiveModel has_secure_password
gem 'bcrypt', '~> 3.1.7'
gem 'foundation-rails'
gem 'font-awesome-rails', '~>4.3.0.0'
gem 'devise'
gem "cancan"
gem "rolify"
gem "paperclip", "~> 4.2"
gem 'rails-i18n', '~> 4.0.0'
gem 'jquery-ui-rails'
gem 'whenever', :require => false
gem 'jquery-countdown-rails'
# Use unicorn as the app server
# gem 'unicorn'
# Use Capistrano for deployment
# gem 'capistrano-rails', group: :development
# Use debugger
# gem 'debugger', group: [:development, :test]
group :development do
# Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
gem 'spring'
gem 'quiet_assets', '~>1.1'
end
group :development, :test do
gem 'rspec-rails', '~> 3.0.0'
gem 'rspec-expectations'
gem 'factory_girl_rails', '~> 4.0'
end
group :test do
gem 'capybara', '~> 2.3.0'
gem 'capybara-email'
gem 'shoulda-matchers', '~> 2.7.0'
gem 'rspec-its'
gem 'rspec-activemodel-mocks', '~> 1.0.1'
end
因为load_and_authorize_resource给控制器增加了一个before_action,我建议反转:
load_and_authorize_resource :only => [:new, :edit, :destroy]
before_filter :authenticate_user!, :except => [:show, :index]
喜欢:
before_filter :authenticate_user!, :except => [:show, :index]
load_and_authorize_resource :only => [:new, :edit, :destroy]
每次调用 before_filter 或 before_action,它都会将方法添加到队列中,并在运行时以 FIFO(先进先出)顺序调用它们。
我还建议使用 before_action 而不是 before_filter 因为根据 Rails 4.2 Release Notes,不鼓励使用 *_filter 系列方法,因为它已从文档中删除并且它将被在 Rails 的未来版本中已弃用,最终将被删除。
郑重声明,这是传统的 DRY 方法:
class ApplicationController < ActionController::Base
# ...
rescue_from CanCan::AccessDenied, with: :access_denied
# ...
private
def access_denied(exception)
store_location_for :user, request.path
redirect_to user_signed_in? ? root_path : new_user_session_path, alert: exception.message
end
end
如果用户当前未登录,这将在会话中存储请求的位置并呈现 Devise 登录表单。存储的位置将在成功登录后触发重定向到请求的位置。
将代码放在 ApplicationController 中将在全局范围内定义此类行为。
如果每个控制器都不需要这个,你可以随意将 rescue_from CanCan::AccessDenied, with: :access_denied 行放在你想要的地方,OfertsController 在你的情况下。您还需要将 access_denied 方法列为 protected 而不是 private.
我想显示登录表单而不是 cancan access denied flash 消息。这是我的控制器
#app/controllers/oferts_controller.rb
class OfertsController < ApplicationController
before_action :set_ofert, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource :only => [:new, :edit, :destroy]
before_filter :authenticate_user!, :except => [:show, :index]
# GET /oferts
# GET /oferts.json
def index
@oferts = Ofert.areactive
end
# GET /oferts/1
# GET /oferts/1.json
def show
end
# GET /oferts/new
def new
@ofert = current_user.oferts.new
@ofert.purchasing_group = PurchasingGroup.new
end
# GET /oferts/1/edit
def edit
end
# POST /oferts
# POST /oferts.json
def create
....
end
# PATCH/PUT /oferts/1
# PATCH/PUT /oferts/1.json
def update
....
end
# DELETE /oferts/1
# DELETE /oferts/1.json
def destroy
...
end
private
# Use callbacks to share common setup or constraints between actions.
def set_ofert
@ofert = Ofert.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def ofert_params
params.require(:ofert).permit(:title, :short_title, :description, :price, :normal_price, :ends_at, :ends_at_date, :ends_at_time)
end
end
出于某种原因,当我尝试访问需要登录的操作时,例如 "create",我只从 CanCan 收到访问被拒绝的消息,但我没有按应有的方式重定向到登录页面,因为我有 :authenticate_user! before_filter 在控制器中。
如何优先设计重定向到登录页面而不是 cancan 访问被拒绝的闪现消息?
谢谢
更新: 这是我的 Gemfile
source 'https://rubygems.org'
# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '4.1.9'
# Use mysql as the database for Active Record
gem 'mysql2'
# Use SCSS for stylesheets
gem 'sass-rails', '~> 5.0.0'
# Use Uglifier as compressor for JavaScript assets
gem 'uglifier', '>= 1.3.0'
# Use CoffeeScript for .js.coffee assets and views
gem 'coffee-rails', '~> 4.0.0'
# See https://github.com/sstephenson/execjs#readme for more supported runtimes
# gem 'therubyracer', platforms: :ruby
# Use jquery as the JavaScript library
gem 'jquery-rails'
# Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
gem 'turbolinks'
# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
gem 'jbuilder', '~> 2.0'
# bundle exec rake doc:rails generates the API under doc/api.
gem 'sdoc', '~> 0.4.0', group: :doc
gem 'money-rails', '~> 1.2.0'
gem 'money', '~> 6.5.0'
# Use ActiveModel has_secure_password
gem 'bcrypt', '~> 3.1.7'
gem 'foundation-rails'
gem 'font-awesome-rails', '~>4.3.0.0'
gem 'devise'
gem "cancan"
gem "rolify"
gem "paperclip", "~> 4.2"
gem 'rails-i18n', '~> 4.0.0'
gem 'jquery-ui-rails'
gem 'whenever', :require => false
gem 'jquery-countdown-rails'
# Use unicorn as the app server
# gem 'unicorn'
# Use Capistrano for deployment
# gem 'capistrano-rails', group: :development
# Use debugger
# gem 'debugger', group: [:development, :test]
group :development do
# Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
gem 'spring'
gem 'quiet_assets', '~>1.1'
end
group :development, :test do
gem 'rspec-rails', '~> 3.0.0'
gem 'rspec-expectations'
gem 'factory_girl_rails', '~> 4.0'
end
group :test do
gem 'capybara', '~> 2.3.0'
gem 'capybara-email'
gem 'shoulda-matchers', '~> 2.7.0'
gem 'rspec-its'
gem 'rspec-activemodel-mocks', '~> 1.0.1'
end
因为load_and_authorize_resource给控制器增加了一个before_action,我建议反转:
load_and_authorize_resource :only => [:new, :edit, :destroy]
before_filter :authenticate_user!, :except => [:show, :index]
喜欢:
before_filter :authenticate_user!, :except => [:show, :index]
load_and_authorize_resource :only => [:new, :edit, :destroy]
每次调用 before_filter 或 before_action,它都会将方法添加到队列中,并在运行时以 FIFO(先进先出)顺序调用它们。
我还建议使用 before_action 而不是 before_filter 因为根据 Rails 4.2 Release Notes,不鼓励使用 *_filter 系列方法,因为它已从文档中删除并且它将被在 Rails 的未来版本中已弃用,最终将被删除。
郑重声明,这是传统的 DRY 方法:
class ApplicationController < ActionController::Base
# ...
rescue_from CanCan::AccessDenied, with: :access_denied
# ...
private
def access_denied(exception)
store_location_for :user, request.path
redirect_to user_signed_in? ? root_path : new_user_session_path, alert: exception.message
end
end
如果用户当前未登录,这将在会话中存储请求的位置并呈现 Devise 登录表单。存储的位置将在成功登录后触发重定向到请求的位置。
将代码放在 ApplicationController 中将在全局范围内定义此类行为。
如果每个控制器都不需要这个,你可以随意将 rescue_from CanCan::AccessDenied, with: :access_denied 行放在你想要的地方,OfertsController 在你的情况下。您还需要将 access_denied 方法列为 protected 而不是 private.