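Rails before_filter preventing access to controller
I have an application where users can nominate a keyholder who can view their account. I have a before_filter which means that only the account holder or their keyholder can view their account. This code works for anyone viewing the user's home page, but I can't do anything further - I'm currently logged in as a keyholder and can't log out, or add a "note" to either account (for now keyholders have unrestricted access to both their own account and the account they are keyholder for). Can anyone help, please?
Here is the before_filter: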
def correct_user
  @user = User.find(params[:id])
  unless (@user && current_user.id == @user.id) || (([email protected])&&([email protected]_id))
    redirect_to root_path
  end
end
and when I try, for example, to create a note, I get the error:
ActiveRecord::RecordNotFound in NotesController#new
Couldn't find User without an ID
It refers to the @user line in the before_filter.
When I'm logged in as a keyholder I can view the home page, but can't do anything beyond that? Thanks!
UPDATE:
Updated before_filter (in application_controller.rb):
def correct_user
  if params[:id]
    @user = User.find(params[:id])
    unless (@user && current_user.id == @user.id) || (([email protected])&&([email protected]_id))
      redirect_to root_path
    end
  else
    redirect_to root_path
  end
end
Console output on note creation:
Started POST "/notes" for 127.0.0.1 at 2013-02-28 14:10:49 +0000
Processing by NotesController#create as HTML
Parameters: {"utf8"=>"V", "authenticity_token"=>"qMDHQAoC4l3Be5YZKSH1AJ9E5zS1DkMNCW2KzUZ38gM=", "note"=>{"user_id"=>"16", "content"=>""}, "commit"=>"Update Note"}
Redirected to http://localhost:3000/
Filter chain halted as :correct_user rendered or redirected
Completed 302 Found in 98ms (ActiveRecord: 0.0ms)
Started GET "/" for 127.0.0.1 at 2013-02-28 14:10:49 +0000
Processing by PublicController#index as HTML
User Load (3.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = 16 LIMIT 1
Rendered public/index.html.erb within layouts/application (5.0ms)
Timeline Load (3.0ms) SELECT "timelines".* FROM "timelines" WHERE "timelines"."user_id" = 16 LIMIT 1
MessageBoard Load (2.0ms) SELECT "message_boards".* FROM "message_boards" WHERE "message_boards"."user_id" = 16 LIMIT 1
Rendered partials/_menuoptions.html.erb (53.0ms)
Completed 200 OK in 551ms (Views: 535.0ms | ActiveRecord: 16.0ms)
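When you go to the notes controller, you don't have a 'params[:id]', which is what's causing the error. – jvnill 2013-02-28 13:45:02
Why does that error occur, and why does it also stop me from logging out? The id isn't even passed to the Devise destroy session action? – ecs 2013-02-28 13:47:19
You can't log out because the before filter takes precedence over destroy session – jvnill 2013-02-28 13:49:47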
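
The filter behaviour discussed in this thread, modelled in plain Ruby without Rails. This is an added example, not code from the original post: it shows why a filter that only reads params[:id] and runs for every action redirects both note creation and logout, next to a scoped variant that still fails closed. The names keyholder_id, SKIP, account_id_from, original_filter and scoped_filter, and the sample users, are assumptions made for illustration.

```ruby
# Added example (plain Ruby, no Rails): models the filter decision from the question.
# keyholder_id, SKIP and account_id_from are assumed names, not from the original post.
User = Struct.new(:id, :keyholder_id)

# Constructed sample data: user 16 has nominated user 7 as keyholder.
USERS = { 16 => User.new(16, 7), 7 => User.new(7, nil) }

# Actions that never target an account, so the filter must not run for them
# (in Rails this would be skip_before_filter or an :only/:except option).
SKIP = [%w[sessions destroy]]

# The account id arrives as params[:id] on users routes, but nested under
# params[:note][:user_id] on POST /notes, as the console output shows.
def account_id_from(params)
  params[:id] || params.dig(:note, :user_id)
end

def allowed?(current_user, account)
  current_user.id == account.id || current_user.id == account.keyholder_id
end

# Filter from the UPDATE: only looks at params[:id], runs for every action.
def original_filter(current_user, _controller, _action, params)
  return :redirect unless params[:id]
  account = USERS[params[:id].to_i]
  account && allowed?(current_user, account) ? :continue : :redirect
end

# Scoped variant: skips non-account actions, resolves the id from either place,
# and still fails closed when no account can be identified.
def scoped_filter(current_user, controller, action, params)
  return :continue if SKIP.include?([controller, action])
  account = USERS[account_id_from(params).to_i]
  account && allowed?(current_user, account) ? :continue : :redirect
end
```

Because the note's user_id comes from the client, the scoped variant authorizes against that id rather than trusting it, so a user who is neither the owner nor the keyholder is still redirected.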