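This is a Rails application, and I have implemented authentication in the controller with one view excepted, like so. What am I missing in this authentication implementation?

    before_filter :authenticate, except: [:new]

Authentication works great inside the controller.
It allows public view of.............
localhost:3000/softruns/new
and does not allow public view of.............
localhost:3000/softrunss/1/edit
localhost:3000/softruns <---- index page
The problem is that when a user submits the localhost:3000/softruns/new form, it triggers authentication. I even redirect the user to the home/index.html page after a successful submission.
What might I be missing?
Here is my softruns_controller.rb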

    require 'digest/sha2'

    class SoftrunsController < ApplicationController
      before_filter :authenticate, except: [:new]
      before_action :set_softrun, only: [:show, :edit, :update, :destroy]

      # GET /softruns
      # GET /softruns.json
      def index
        @softruns = Softrun.all
      end

      # GET /softruns/1
      # GET /softruns/1.json
      def show
      end

      # GET /softruns/new
      def new
        @softrun = Softrun.new
      end

      # GET /softruns/1/edit
      def edit
      end

      # POST /softruns
      # POST /softruns.json
      def create
        @softrun = Softrun.new(softrun_params)
        respond_to do |format|
          if @softrun.save
            format.html { redirect_to root_path, notice: 'Softrun was successfully created.' }
            format.json { render action: 'show', status: :created, location: @softrun }
          else
            format.html { render action: 'new' }
            format.json { render json: @softrun.errors, status: :unprocessable_entity }
          end
        end
      end

      # PATCH/PUT /softruns/1
      # PATCH/PUT /softruns/1.json
      def update
        respond_to do |format|
          if @softrun.update(softrun_params)
            format.html { redirect_to @softrun, notice: 'Softrun was successfully updated.' }
            format.json { head :no_content }
          else
            format.html { render action: 'edit' }
            format.json { render json: @softrun.errors, status: :unprocessable_entity }
          end
        end
      end

      # DELETE /softruns/1
      # DELETE /softruns/1.json
      def destroy
        @softrun.destroy
        respond_to do |format|
          format.html { redirect_to softruns_url }
          format.json { head :no_content }
        end
      end

      private

      # Use callbacks to share common setup or constraints between actions.
      def set_softrun
        @softrun = Softrun.find(params[:id])
      end

      # Never trust parameters from the scary internet, only allow the white list through.
      def softrun_params
        params.require(:softrun).permit(:soft_email, :soft_twitter, :prim_session)
      end

      private

      def authenticate
        userhash = { }
        User.all.each do |user|
          userhash.store(user.username, user.password)
        end
        authenticate_or_request_with_http_digest("localhost") do |username|
          userhash[username]
        end
      end
    end

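'authenticate' ...seems odd to me. When **any user** requests **any action that requires authentication**, you are performing a certain operation with **all users**. Why? What is the idea behind this? – 2014-11-03 21:13:18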
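
The filter options from the question, modelled as an added example that is not part of the original post and does not load Rails: it maps each request to its controller action and applies the `except:` rule, showing that the form rendered by `new` submits to `create`, which `except: [:new]` does not cover. The helper names (`action_for`, `filter_runs?`, `requires_auth?`, `public_actions`) are hypothetical, and the route table assumes a standard `resources :softruns` declaration.

```ruby
# Added example: stand-alone model of resourceful routing and the
# only:/except: options of before_action. Assumes `resources :softruns`.
RESOURCE_ROUTES = [
  ['GET',    %r{\A/softruns\z},          :index],
  ['POST',   %r{\A/softruns\z},          :create],
  ['GET',    %r{\A/softruns/new\z},      :new],
  ['GET',    %r{\A/softruns/\d+/edit\z}, :edit],
  ['GET',    %r{\A/softruns/\d+\z},      :show],
  ['PATCH',  %r{\A/softruns/\d+\z},      :update],
  ['PUT',    %r{\A/softruns/\d+\z},      :update],
  ['DELETE', %r{\A/softruns/\d+\z},      :destroy]
].freeze

# Resolve a request to the controller action that would handle it.
def action_for(verb, path)
  route = RESOURCE_ROUTES.find { |v, pattern, _| v == verb && pattern.match?(path) }
  route && route.last
end

# A callback is skipped when the action is listed in except:, or when
# only: is given and the action is not in it; otherwise it runs.
def filter_runs?(action, only: nil, except: nil)
  return false if except && Array(except).include?(action)
  return false if only && !Array(only).include?(action)
  true
end

# True when the request would hit the authenticate callback.
def requires_auth?(verb, path, **filter_opts)
  action = action_for(verb, path)
  raise ArgumentError, "no route for #{verb} #{path}" unless action
  filter_runs?(action, **filter_opts)
end

# Actions a filter configuration leaves reachable without authentication.
def public_actions(**filter_opts)
  RESOURCE_ROUTES.map(&:last).uniq.reject { |a| filter_runs?(a, **filter_opts) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests: render the form, submit it, list records.
  [['GET', '/softruns/new'], ['POST', '/softruns'], ['GET', '/softruns']].each do |verb, path|
    puts format('%-6s %-14s -> %-7s auth=%s', verb, path, action_for(verb, path),
                requires_auth?(verb, path, except: [:new]))
  end
end
```

Listing `:create` alongside `:new` in `except:` makes the form submission public as well, so `public_actions` is worth re-checking after any change to confirm that only the intended actions are exposed.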