使用 declarative_authorization 和 authlogic 确定 current_user
我使用 authlogic 来验证用户身份。在我的控制器中,我使用 current_user,定义(如文档所述)如下:
def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
end
def current_user
return @current_user if defined?(@current_user)
@current_user = current_user_session && current_user_session.record
end
我还使用 declarative_authorization 来管理当前用户的权限。在正常的运行时场景中一切正常,但是当我创建使用“get_with”之类的请求语句的功能测试时,控制器中的 current_user 为零。我查看了 declarative_authorization 测试帮助程序代码,发现在这种情况下,declarative_authorization gem 实际上将当前用户存储在 Authorization.current_user 中(它又来自 Thread.current["current_user"])。因此,当前用户在不同场景中的处理方式似乎相当混乱。
我的问题:在正常运行时和测试场景中查找 current_user 的适当方法是什么?
I use authlogic to authenticate users. In my controllers I use current_user, defined (as documented) as follows:
def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
end
def current_user
return @current_user if defined?(@current_user)
@current_user = current_user_session && current_user_session.record
end
I also use declarative_authorization to manage the current user's permissions. All works fine in the normal runtime scenario, but when I create functional tests that use request statements like " get_with", current_user in the controller is nil. I looked through the declarative_authorization test helper code and found that in this scenario, the declarative_authorization gem actually stores the current user in Authorization.current_user (which in turn comes from Thread.current["current_user"]). So there seems to be quite a mixup of how a current user is handled in different scenario's.
My question: what is the appropriate way of finding the current_user in both the normal runtime and the test scenario?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
你可以在application_controller中定义一个像这样的before_filter。
before_filter { |c| Authorization.current_user = c.current_user }
You can define a before_filter like this in application_controller.
before_filter { |c| Authorization.current_user = c.current_user }
安吉勒斯,你是对的。我不应该使用 get_with、post_with 等。这些只是设置 Authorization.current_user、session[:user] 和 session[:user_id] 并且这些似乎已经过时了 authlogic。由于某种原因,这些甚至将 UserSession 设置为 nil,这导致了问题。所以 UserSession.create(users(:admin)),然后是常规的 get、post 等是正确的方法。
Angelus, you were right. I shouldn't be using get_with, post_with, etc. These just set the Authorization.current_user, session[:user] and session[:user_id] and these seem to be obsolete with authlogic. And for some reason, these even set UserSession to nil, which was causing the problem. So UserSession.create(users(:admin)), followed by a regular get, post, etc. is the way to go.