防止用户在 Rails 中直接执行控制器操作
我遇到一种情况,我需要阻止用户显式调用 /town/addBuilding。 Town 是我的控制器,addBuilding 是执行的操作。
现在,问题是这个操作只能在我的程序代码中执行,而不是由请求执行它的用户执行。此外,此操作的执行方式类似于回调。在我的 application_controller 中,当满足某些条件时,会触发控制器操作并进行重定向。在 php 中,一个简单的守卫(例如定义守卫并对其进行检查)就足够了。 Rails 中是否有等效的东西,如果有,实现它的最佳方法是什么?
感谢您的阅读,我感谢您的帮助:)
编辑:我粘贴了一些代码以使其更清晰,请注意 /town/addBuilding 是一个示例,下面的控制器名称和操作的名称不同。
现在,这是实际的应用程序控制器代码,它是我正在编码的浏览器游戏的一部分。
def checkQuest
if TavernQuest.hasQuest(current_user)
quest = TavernQuest.getQuest(current_user)
if quest.end_time < Time.now # get quest info and check if the quest has been completed
TavernQuest.deleteQuest(current_user)
redirect_to :controller => 'tavern', :action => 'monsterAttack'
end
end
end
酒馆控制器操作只是我想要执行的纯代码,但前提是重定向发生在应用程序控制器内部。
I have a situation where i need to prevent users from explicitly calling say /town/addBuilding. Town is my controller and addBuilding is the action that is executed.
Now, the thing is that this action should only be executed in my program's code and not by a user requesting to execute it. Moreover, this action is executed like a callback. In my application_controller, when some condition is met, the controller action is triggered and there is a redirection. In php, a simple guard like defining a guard and checking against it would be enough. Is there an equivalent thing in rails and if so, what is the best way to implement it ?
Thanx for reading and i appreciate your help :)
EDIT: I'm pasting some code to make it clearer, note that /town/addBuilding was an example, the controller names and actions below are differently named.
Now, that is the actual application controller code, it is part of a browser game that i'm coding.
def checkQuest
if TavernQuest.hasQuest(current_user)
quest = TavernQuest.getQuest(current_user)
if quest.end_time < Time.now # get quest info and check if the quest has been completed
TavernQuest.deleteQuest(current_user)
redirect_to :controller => 'tavern', :action => 'monsterAttack'
end
end
end
The tavern controller action is just the plain code that i want to execute, but only if the redirection happens inside the application controller.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
看来您正在尝试将逻辑放入实际上应该属于模型或库的控制器中。
我为什么这么说:除了 current_user 和重定向之外,所有代码都与您的模型(知识应该在的地方)而不是您的控制器更相关。您的模型知道用户的任务何时过期。
示例实现:
在你的控制器中你只需要写
It seems that you are trying to put logic into a controller which actually should belong in a model or a library.
Why do i say this: aside from the current_user and the redirect, all the code is more related to your model (where the knowledge should be) and not your controller. Your model knows when a user's quest is expired.
Example implementation:
and in your controller you just need to write
将 addBuilding 方法放在以 protected 开头的行下,如下所示
享受吧!
编辑: 除此之外,您可能还想在控制器中使用 before_filter ...我很快就会发布确切的语法。
method_name 是可以访问 :addBuilding 的方法,添加此行后没有其他方法可以访问此方法。
编辑:好的,所以根据您提供的信息,
protected< /code> 不会起作用,因为如果我们将您的秘密操作置于
受保护
之下,则只有tavern
控制器才能访问它。编辑:请考虑使用会话来检查用户在尝试执行
monsterAttack
操作时是否具有有效会话。Put the addBuilding method under a line that starts with protected, as follows
Enjoy!
EDIT: In addition to this you might also wanna use the before_filter in your controllers... I'll post the exact syntax soon.
method_name is the method from which :addBuilding can be accessed, no other method can access this method after adding in this line..
EDIT: Ok, so based on the info you provided,
protected
wont work since if we put your secret action underprotected
only thetavern
controller will have access to it.EDIT: Please consider using Sessions to check if the users have a valid session when they try to to execute the
monsterAttack
action..