2

所以我有 3 类用户:

admin
moderator
regular user

我将版主和管理页面锁定在一个控制器范围的系统中,如下所示:

def authorize
  unless User.find_by_id(session[:user_id]) and User.find_by_id(session[:user_id]).moderator == true
    redirect_to login_url, :notice => "Please log in with a moderator account"
  end
end

def authorize_admin
  unless User.find_by_id(session[:user_id]) and User.find_by_id(session[:user_id]).admin == 1
    redirect_to login_url, :notice => "Only admins can access the page you tried to access"
  end
end

但是我需要让普通用户访问多个控制器的编辑页面(当然还有更新操作)。但只需编辑和更新。

如果我做:

before_filter :authorize, :except => :edit

然后任何人(即使没有登录)都可以访问这些页面。

我将如何去做这样的事情?

编辑

根据 Thilo 的建议,我在 application_controller.erb 文件中添加了以下内容:

  def update_successful
    skip_before_filter :authorize
  end

在普通用户编辑条目后能够提供 update_successful 页面。但是我收到此错误:

undefined method `skip_before_filter' for #<HomeController:0x007ff782aeb6f0>
4

1 回答 1

2

您可以显式跳过任何全局应用过滤器:

skip_before_filter :authorize, :only => [:edit, :update]

或者首先不要将其应用于相关操作:

before_filter :authorize, :except => [:edit, :update]

编辑

要回答您的进一步问题:将其添加到您的应用程序控制器:

def upload_successful
end

This is an empty method that explicitly defines the action that so far as been implicitly be used by Rails when rendering the home/upload_successful.html.haml template. Then, remove authentication from that method by modifying your filter:

before_filter :authorize, :except => [:upload_successful]

Here's a good introduction to rendering in Rails - it helps to understand rendering by default, which is what your upload_successful template has been displayed without having a matching controller or action defined.

于 2012-04-19T15:25:41.710 回答