Authlogic and AJAX in-place editing with Rails, plus a routing question
I'm trying to use Authlogic to protect some in place editor fields I have on a page. I've protected all the methods in my controller, but it looks like in_place_editor is calling some weird generated stuff that doesn't even show up in my routes, like "/quotes/set_quote_text/1". Number one, is there a site that tells more about these "secret" routes? Or is this something that in place edit added that I don't know about? It's just kind of unnerving that it doesn't even show up when I display all routes.
Assuming I do find this out, I have no idea how to protect things that aren't methods in my controller. Can I protect a whole route?
Another question is that, even if I do restrict the update route, the in place editor fields are rendering for everything. I would imagine that the way to do this would be to create a helper which would render the appropriate version depending on if the user is logged in or not. I am just not sure what I'd be checking against to see if someone's logged in or not, since I've been doing it all in the controller... Also, tips for that: would the partial just render one of 2 versions of a partial depending on the logged in state, or is there another way to do this?
Thanks!
Comments (1)
By default Rails includes the following routes:
Furthermore, as you probably know, all public controller methods serve as controller actions.
Consider the following controller:
So with the default routes, /sample/test will call SampleController#test.
Also worth knowing is that in_place_edit_for(object, attribute, options = {}) defines a new method on the controller called set_#{object}_#{attribute}. In your case, this is set_quote_text.
To answer your questions:
rake routes: Almost certainly this is because it's using that default route that I talked about at the beginning. I oftentimes remove these routes so that only routes I explicitly define will be used.
Now that you know the name of the action you can add it to your list of protected actions. I assume you have something along the lines of
before_filter :authentication_required, :only => LIST_OF_ACTIONS_REQUIRING_AUTHENTICATION
Safer than this, however, is to use except and provide a list of all actions that you do not want to protect:
before_filter :authentication_required, :except => LIST_OF_ACTIONS_THAT_DON'T_REQUIRE_AUTHENTICATION
Hopefully that's what you need.
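An added illustration, not code from the answer or from Rails: a plain-Ruby model of why an :only list leaves the generated set_quote_text action open to anonymous requests while an :except list protects it by default. MiniController, dispatch and the two controller classes are hypothetical stand-ins for ActionController and the default route; only before_filter, in_place_edit_for and set_quote_text are names from the page.

```ruby
# Plain-Ruby model of the behaviour above; no Rails required. MiniController and
# dispatch are constructed for this example, not Rails code.
class MiniController
  class << self
    def filters; @filters ||= []; end
    # Mimics before_filter with :only / :except.
    def before_filter(name, only: nil, except: nil)
      filters << { name: name, only: only&.map(&:to_s), except: except&.map(&:to_s) }
    end
    # Mimics the macro: defines a public set_<object>_<attribute> action.
    def in_place_edit_for(object, attribute)
      define_method("set_#{object}_#{attribute}") { "updated #{object}.#{attribute}" }
    end
  end

  def initialize(logged_in)
    @logged_in = logged_in
  end

  # Mimics the default route: every public method of the controller is an action.
  def dispatch(action)
    return "404" unless self.class.public_instance_methods(false).include?(action.to_sym)
    self.class.filters.each do |f|
      next if f[:only] && !f[:only].include?(action.to_s)
      next if f[:except]&.include?(action.to_s)
      return "401" unless send(f[:name])
    end
    public_send(action)
  end

  private

  def authentication_required
    @logged_in
  end
end

class OnlyQuotesController < MiniController   # :only misses the generated action
  before_filter :authentication_required, :only => [:update]
  in_place_edit_for :quote, :text
  def show; "quote"; end
  def update; "updated"; end
end

class ExceptQuotesController < MiniController # :except covers it by default
  before_filter :authentication_required, :except => [:show]
  in_place_edit_for :quote, :text
  def show; "quote"; end
  def update; "updated"; end
end
```

Calling dispatch("set_quote_text") on each controller built with logged_in set to false shows the difference: the :only controller runs the update, the :except controller answers "401".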