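Michael Hartl's tutorial on adding authorization presents the code below (link to the original code listing). Why does the method update call sign_in @user? This seems redundant to me, since before_filter :correct_user should guarantee that the client is signed in, because of current_user?(@user) in the method correct_user.

Update authorization (Ruby on Rails Tutorial)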
class UsersController < ApplicationController
  before_filter :signed_in_user, only: [:edit, :update]
  before_filter :correct_user,   only: [:edit, :update]
  .
  .
  .
  def edit
  end

  def update
    if @user.update_attributes(params[:user])
      flash[:success] = "Profile updated"
      sign_in @user
      redirect_to @user
    else
      render 'edit'
    end
  end
  .
  .
  .
  private

    def signed_in_user
      redirect_to signin_url, notice: "Please sign in." unless signed_in?
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_path) unless current_user?(@user)
    end
end
Ah, you're right. I forgot that the remember_token changes after the user model is saved. – user782220 2013-04-06 00:28:22
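
The behaviour the comment above points to, as an added example in plain Ruby (not code from the tutorial or from this thread). It assumes that every save regenerates remember_token and that current_user is looked up by the token held in the cookie; User, Browser and update_profile are constructed stand-ins, not Rails classes.

```ruby
require 'securerandom'
# Constructed stand-in for the tutorial's User model (assumption: a
# before_save callback regenerates remember_token on every save).
class User
  STORE = {} # in-memory "users table", keyed by id
  attr_reader :id, :name, :remember_token

  def initialize(id, name)
    @id, @name = id, name
  end

  def save
    @remember_token = SecureRandom.urlsafe_base64 # rotated on every save
    STORE[id] = self
    true
  end

  def update_attributes(attrs)
    @name = attrs.fetch(:name, @name)
    save
  end

  def self.find_by_remember_token(token)
    STORE.values.find { |u| u.remember_token == token }
  end
end

# Constructed stand-in for the session helpers; cookies is a plain Hash.
class Browser
  attr_reader :cookies
  def initialize
    @cookies = {}
  end
  def sign_in(user)
    cookies[:remember_token] = user.remember_token
  end

  def current_user
    User.find_by_remember_token(cookies[:remember_token])
  end
end

# Mirrors the update action: save, optionally re-issue the cookie, then
# report who the next request would see as current_user.
def update_profile(browser, user, resign:)
  user.update_attributes(name: "New name")
  browser.sign_in(user) if resign
  browser.current_user
end
```

With resign: false the cookie still carries the pre-save token, so the lookup finds nobody and the next request is treated as signed out; with resign: true the cookie is refreshed and the session survives the update.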