如何使用 Authlogic 和 STI 获得操作级别保护？

发布于 2024-08-21 10:08:14 字数 1022 浏览 10 评论 0原文

鉴于如何使用 before_filter 进行单个用户分类已有详细记录，我在为多个用户类型获取操作级保护时遇到了困难。让我解释一下：

我有这样的东西......

class ApplicationController < ActionController::Base
  class << self 
    attr_accessor :standard_actions
  end
  @standard_actions = [:index, :show, :new, :edit, :create, :update, :destroy]

  def require_guardian
    unless current_user and current_user.is_a?(Guardian)
      store_location
      redirect_to home_url
      return false
    end
  end

  def require_admin
    unless current_user and current_user.is_a?(Administrator)
      store_location
      redirect_to register_url
      return false
    end
  end
end

在 GuardiansController 中，我只想允许管理员执行标准操作，但所有其他操作都应该需要监护人。所以我尝试了这个...

class GuardiansController < ApplicationController
  before_filter :require_admin, :only => ApplicationController::standard_actions
  before_filter :require_guardian, :except => ApplicationController::standard_actions
  ...
end

最终进行了递归重定向。一定有更好的办法吗？

原文

Given that it is well-documented how to use before_filter for a single user classification, I'm having trouble getting action-level protection for multiple user types. Let me explain:

I've got something like this...

class ApplicationController < ActionController::Base
  class << self 
    attr_accessor :standard_actions
  end
  @standard_actions = [:index, :show, :new, :edit, :create, :update, :destroy]

  def require_guardian
    unless current_user and current_user.is_a?(Guardian)
      store_location
      redirect_to home_url
      return false
    end
  end

  def require_admin
    unless current_user and current_user.is_a?(Administrator)
      store_location
      redirect_to register_url
      return false
    end
  end
end

And in the GuardiansController I want to only allow the standard actions for Administrator but all other actions should require Guardian. So I tried this...

class GuardiansController < ApplicationController
  before_filter :require_admin, :only => ApplicationController::standard_actions
  before_filter :require_guardian, :except => ApplicationController::standard_actions
  ...
end

Which ends up doing a recursive redirection. There must be a better way?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

风流物 2024-08-28 10:08:14

好吧，这又是一个不仔细看而漏掉一些东西的情况。我无意中设置了以递归方式重定向用户的路线。当您正确设置路线时，上述解决方案就可以正常工作：

def require_guardian
  unless current_user and current_user.is_a?(Guardian)
    store_location
    # this route (home_url) sent the user to another controller which ran a before_filter sending them back here again.
    # redirect_to home_url 
    # So I changed it to a neutral route and it works great!
    redirect_to register_url
    return false
  end
end

OK, this is another case of not looking carefully and missing something. I inadvertently had setup the route to redirect the user in a recursive way. The above solution works just fine when you set the routes properly:

def require_guardian
  unless current_user and current_user.is_a?(Guardian)
    store_location
    # this route (home_url) sent the user to another controller which ran a before_filter sending them back here again.
    # redirect_to home_url 
    # So I changed it to a neutral route and it works great!
    redirect_to register_url
    return false
  end
end

回复收藏 0 原文

~没有更多了~