覆盖 SessionsController 以根据用户属性拒绝访问

Question

我有一个 rails 4 项目，我在其中使用 DeviseTokenAuth。 一切正常，但我想拒绝访问具有特定状态的用户。 所以基本上

if user.status == :locked => Account :unauthorized

这就是我到目前为止所做的

class SessionsController < DeviseTokenAuth::SessionsController
   def new
      super
   end

   def create
      super
      render json: { error: "Account is locked MOFO " }, status: :unauthorized if current_user.status.to_sym == :locked    
    end
end

但是当我这样做时，我得到：

AbstractController::DoubleRenderError - Render and/or redirect were called multiple times in this action. Please notethat you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".:

有什么想法吗？

谢谢

Answer 1

发生此错误是因为从会话控制器创建方法调用了双渲染方法。一种选择是覆盖 render_create_success 方法以获得所需的结果。

class SessionsController < DeviseTokenAuth::SessionsController

   protected

   def render_create_success
    if current_user.status.to_sym == :locked
      render json: { error: "Account is locked MOFO " }, status: :unauthorized
    else
      super
    end
  end
end