Preventing users from directly executing controller actions in Rails

Posted on 2024-10-03 22:39:58

I have a situation where I need to prevent users from explicitly calling, say, /town/addBuilding. Town is my controller and addBuilding is the action that is executed.

Now, the thing is that this action should only be executed in my program's code and not by a user requesting to execute it. Moreover, this action is executed like a callback. In my application_controller, when some condition is met, the controller action is triggered and there is a redirection. In PHP, a simple guard like defining a guard and checking against it would be enough. Is there an equivalent thing in Rails and if so, what is the best way to implement it?

Thanks for reading, and I appreciate your help :)

EDIT: I'm pasting some code to make it clearer. Note that /town/addBuilding was an example; the controller names and actions below are differently named.

Now, that is the actual application controller code; it is part of a browser game that I'm coding.

def checkQuest
  if TavernQuest.hasQuest(current_user)
    quest = TavernQuest.getQuest(current_user)
    if quest.end_time < Time.now # get quest info and check if the quest has been completed
      TavernQuest.deleteQuest(current_user)
      redirect_to :controller => 'tavern', :action => 'monsterAttack'
    end
  end
end

The tavern controller action is just the plain code that I want to execute, but only if the redirection happens inside the application controller.


Comments (2)

牛↙奶布丁 2024-10-10 22:39:58

It seems that you are trying to put logic into a controller which actually should belong in a model or a library.

Why do I say this: aside from the current_user and the redirect, all the code is more related to your model (where the knowledge should be) and not your controller. Your model knows when a user's quest is expired.

Example implementation:

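class TavernQuest

  # Returns true (and deletes the quest) when the given user's quest has ended.
  # The model has no current_user, so the user is passed in by the controller.
  def self.user_quest_is_expired?(user)
    quest = getQuest(user)
    if quest && quest.end_time < Time.now
      TavernQuest.deleteQuest(user)
      true
    else
      false
    end
  end
end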

and in your controller you just need to write

redirect_to :controller => 'tavern', :action => 'monsterAttack' if TavernQuest.user_quest_is_expired?(current_user)

终难遇 2024-10-10 22:39:58

Put the addBuilding method under a line that starts with protected, as follows

protected
def addBuilding
   #your code
end

Enjoy!

EDIT: In addition to this you might also wanna use the before_filter in your controllers... I'll post the exact syntax soon.

 before_filter :addBuilding, :only => :method_name

method_name is the method from which :addBuilding can be accessed, no other method can access this method after adding in this line.

EDIT: Ok, so based on the info you provided, protected won't work since if we put your secret action under protected only the tavern controller will have access to it.

EDIT: Please consider using Sessions to check if the users have a valid session when they try to execute the monsterAttack action.
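
Added example, not part of the question or of either answer: a redirect makes the browser issue a fresh request, so the target action stays publicly routable and has to verify server-recorded state itself, as the session suggestion above implies. This plain-Ruby sketch models a single-use, expiring grant stored in the session; OneTimeGrant, FakeApp, Quest and the 30-second TTL are hypothetical names and values chosen for illustration.

```ruby
# Plain-Ruby model of the flow (no Rails needed); `session` is a Hash here.
# OneTimeGrant, FakeApp and TTL are hypothetical names, not from the thread.
module OneTimeGrant
  TTL = 30 # seconds a grant stays valid (assumed value)

  # Server-side code calls this just before redirecting to the guarded action.
  # String keys and integer times are plain values that survive serialization.
  def self.issue(session, action, now = Time.now)
    session['grant'] = { 'action' => action.to_s, 'expires_at' => now.to_i + TTL }
  end

  # The guarded action calls this first. delete makes the grant single use.
  def self.consume(session, action, now = Time.now)
    grant = session.delete('grant')
    !grant.nil? && grant['action'] == action.to_s && now.to_i < grant['expires_at']
  end
end

Quest = Struct.new(:end_time) # constructed stand-in for a TavernQuest record

class FakeApp
  attr_reader :session

  def initialize(quest)
    @quest = quest
    @session = {}
  end

  # Mirrors checkQuest from the question: record the grant, then redirect.
  def check_quest(now = Time.now)
    return :no_redirect unless @quest && @quest.end_time < now
    @quest = nil # stands in for TavernQuest.deleteQuest
    OneTimeGrant.issue(@session, :monsterAttack, now)
    :redirect_to_monster_attack
  end

  # Mirrors tavern#monsterAttack: still routable, but refuses direct requests.
  def monster_attack(now = Time.now)
    return :forbidden unless OneTimeGrant.consume(@session, :monsterAttack, now)
    :attack_executed
  end
end
```

With Rails' cookie-based session store the grant travels in the client's cookie, so a saved cookie can be replayed until the TTL runs out; recording the grant in a server-side row instead closes that window.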
