为什么我无法访问 Rails 3 中从 filter_access_to 语句中遗漏的控制器操作?
我正在使用 declarative_authorization,并且控制器中有以下内容:
filter_access_to :index, :new, :edit, :step, :create, :update, :destroy
遗漏了两个操作。 :显示,:比较。但是,当我访问其中任一操作的 URL 时,它会将我发送到登录屏幕。
这是为什么呢?
考虑到该控制器上没有其他过滤器(除了从ApplicationsController继承的任何内容),被遗漏的操作是否应该允许我在未登录时看到它?
I am using declarative_authorization and I have the following in a controller:
filter_access_to :index, :new, :edit, :step, :create, :update, :destroy
There are two actions left out. :show, :compare. However, when I go to the URL for either of those actions, it sends me to the login screen.
Why is this ?
Shouldn't the actions that were left out, allow me to see it when I am not logged in, given that there are no other filters on that controller (except for maybe anything inherited from the ApplicationsController) ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这不应该与 declarative_authorization 有关...那是 Devise 的(或任何您的身份验证机制)域。相反,修改检查用户是否经过身份验证的 before_filter 以包含您要跳过的操作的例外。
例如。将
before_filter :authenticate_user!更改为before_filter :authenticate_user!, : except=>[:public_action, :other_public_action]。另外,如果您的 before_filter 设置在您的应用程序控制器内,您可以在您想要例外的控制器内覆盖它并在那里进行修改。
That shouldn't have to do with declarative_authorization ... thats Devise's (or whatever your authentication mechanism is) domain. Instead, modify the before_filter that checks if the user is authenticated to include an exception for the action(s) you want skipped.
eg. change
before_filter :authenticate_user!tobefore_filter :authenticate_user!, :except=>[:public_action, :other_public_action].Also, if your before_filter is set inside your application controller, you can just override it inside of the controller you want to have the exception(s) and make the mods there.