acl9 和 devise 似乎不能很好地协同工作
我有一个用户模型,其访问权限由 ACL9 控制。
在UsersController中:
#ACL9 related stuff
before_filter :load_user, :only => [:show]
access_control do
allow :owner, :of => :user, :to => [:show]
end
def load_user
user = User.find(params[:id])
end
在ApplicationController中:
rescue_from 'Acl9::AccessDenied', :with => :access_denied
def access_denied
authenticate_user! # a method from Devise
end
输入登录页面的url没有问题http://localhost:3000/users/sign_in ,但是当我首先输入用户页面时,这是一个问题,我希望通过上面的逻辑将其重定向到自动登录页面。
http://localhost:3000/users/1 =>无限重定向地狱。它尝试再次重定向回 users/1,而不是定向到 users/sign_in。
有人对可能出什么问题有意见吗?
I have a user model whose access controlled by ACL9.
in UsersController:
#ACL9 related stuff
before_filter :load_user, :only => [:show]
access_control do
allow :owner, :of => :user, :to => [:show]
end
def load_user
user = User.find(params[:id])
end
in ApplicationController:
rescue_from 'Acl9::AccessDenied', :with => :access_denied
def access_denied
authenticate_user! # a method from Devise
end
It is no problem to type in url for sign in page http://localhost:3000/users/sign_in, but it is a problem when for example I type in the user page first, which I am to expect to be redirected to sign in page automatically through the logic above.
http://localhost:3000/users/1 => infinite redirect hell. It tries to redirect back to users/1 again instead of directing to users/sign_in.
Does anyone have an opinion as to what might be going wrong?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我认为你不应该在 Devise 用户控制器中使用 Acl9。由于您没有经过身份验证,因此您没有任何权利,也不会进行身份验证:D。
您可能想禁止用户删除,所以它应该是这样的:
对于 UsersController,如果您想将其保留在应用程序控制器中,则应该覆盖您的 access_control。
I think you should not use Acl9 in Devise user controller. Since you are not authenticated you have no rights and you will not authenticate :D.
You may want to forbid users to delete, so it should be like:
For UsersController you should overwrite your access_control if you want to leave it as is in application controller.