
Mike Hart's tutorial on adding authorization provides the following code (link to the original code listing). Why does the update method call sign_in @user? This seems redundant to me, since before_filter :correct_user should already guarantee that the client is signed in, because of the current_user?(@user) check in the correct_user method.

class UsersController < ApplicationController
  before_filter :signed_in_user, only: [:edit, :update]
  before_filter :correct_user,   only: [:edit, :update]
  .
  .
  .
  def edit
  end

  def update
    if @user.update_attributes(params[:user])
      flash[:success] = "Profile updated"
      sign_in @user
      redirect_to @user
    else
      render 'edit'
    end
  end
  .
  .
  .
  private

    def signed_in_user
      redirect_to signin_url, notice: "Please sign in." unless signed_in?
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_path) unless current_user?(@user)
    end
end

1 Answer


Because the user is forced to update their password when updating their attributes, which invalidates their current login.

answered 2013-04-05T09:43:21.290
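The following is an added example, not code from the question, the answer, or the tutorial. It models in plain Ruby (no Rails) why the second sign_in matters: it assumes, as the page does not show, that the tutorial's User model regenerates its remember token in a before_save callback, that sign_in copies that token into a cookie, and that current_user resolves the cookie back to a User record. Under those assumptions any save path through update_attributes, a password change included, leaves the old cookie pointing at a token that no longer exists, so correct_user would pass on the next request only if the controller re-issued the cookie. The class names User and SessionContext and the helper still_signed_in_after_update? are constructed for the example.

```ruby
require 'securerandom'

# Stand-in for the tutorial's User model (assumed behaviour, not shown on
# the page): every save issues a fresh remember_token.
class User
  attr_reader :id, :name, :remember_token

  def initialize(id, name)
    @id = id
    @name = name
    save # the first save assigns the initial token
  end

  # Stand-in for ActiveRecord#save plus an assumed before_save callback.
  # Because the token is rotated here, any cookie holding the previous
  # value stops matching the record.
  def save
    @remember_token = SecureRandom.urlsafe_base64
    true
  end

  # Stand-in for update_attributes: assign the fields, then save.
  def update_attributes(attrs)
    @name = attrs[:name] if attrs.key?(:name)
    save
  end
end

# Stand-in for the users table and the browser's cookie jar together.
class SessionContext
  attr_reader :cookies

  def initialize(users)
    @users = users
    @cookies = {}
  end

  # Same job as the tutorial's sign_in helper: remember the current token.
  def sign_in(user)
    @cookies[:remember_token] = user.remember_token
  end

  # Same job as current_user: look the user up by the token in the cookie.
  def current_user
    token = @cookies[:remember_token]
    return nil if token.nil?
    @users.find { |u| u.remember_token == token }
  end

  def current_user?(user)
    user == current_user
  end
end

# Runs the edit/update flow once. resign_in selects whether the controller
# calls sign_in after update_attributes, as the tutorial's update action does.
# Returns true when the browser is still recognised as the user afterwards.
def still_signed_in_after_update?(resign_in:)
  user = User.new(1, 'Alice')               # constructed sample user
  session = SessionContext.new([user])
  session.sign_in(user)

  # before_filter :correct_user would pass here: cookie and record agree.
  raise 'precondition failed' unless session.current_user?(user)

  # The update action: saving the record rotates the token...
  user.update_attributes(name: 'Alice Example')
  # ...and only a second sign_in refreshes the cookie to match it.
  session.sign_in(user) if resign_in

  session.current_user?(user)
end

if __FILE__ == $PROGRAM_NAME
  puts "without sign_in after update: #{still_signed_in_after_update?(resign_in: false)}"
  puts "with sign_in after update:    #{still_signed_in_after_update?(resign_in: true)}"
end
```

Run it directly to see the two outcomes side by side: without the extra sign_in the very next request would fail correct_user and be redirected to root_path, even though the filter passed on the request that performed the update. The defensive reading is that a token rotated on every save is a feature, since a password change should invalidate sessions that hold the old credential, and the controller's job is to re-establish only the session that made the change.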