2013-04-20 69 views
3

Can the Authority Ruby gem be used with logged-out users?

I get the following error:

undefined method `can_read?' for nil:NilClass 

...when trying to access the product page as a logged-out user. Currently, I have:

class ProductAuthorizer < ApplicationAuthorizer

  def self.readable_by?(user)
    true
  end

end

I want to allow even users who are not logged in to view the page. Is this possible?

I tried changing the default user method:

config.user_method = :current_user ||= User.new 

However, this causes problems and my server won't start.

Answers

8

OK, I found this at https://github.com/nathanl/authority/pull/32

OK! For the sake of anyone else reading this issue, Chris and I chatted and agreed about the best way to proceed. Here's the gist of it.

Authority won't specially handle nil users or give a specific option to do so. We want to limit Authority to authorization and keep authentication totally separate. If there's no user signed in, that's an authentication concern; Authority can't meaningfully answer the question "can this user do X?" if it isn't given a user or something that quacks like one.

Besides the philosophical point, having authentication handle this is a better user experience. If an admin has forgotten to sign in and attempts some admin-only action, it would be confusing to them to say "access denied". It would be much more helpful to say "please sign in".

What developers using Authority can do is:

- Have something like Devise's before_filter :authenticate_user! running prior to any Authority checks on the request (since any action that requires authorization clearly requires authentication).
- Have their user method return a NullUser object that quacks like a user, then have their authorizers know what to do with those.

What Authority can do is improve the error it gives you if you pass nil or anything else that doesn't quack like a user. Chris is going to implement this.

Hi, I just put this:

class ApplicationController < ActionController::Base
  def current_or_null_user
    if current_user == nil
      User.new
    else
      current_user
    end
  end
end

...

Authority.configure do |config|
  config.user_method = :current_or_null_user
end
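
The NullUser approach mentioned in the quoted pull request comment, as an added example that is not part of either answer or of the Authority gem: a guest object that can read a public product while the authorizer still denies it every owner-only action. NullUser, guest?, Product, owner_id and the UserAbilities stand-in are assumptions made so the sketch runs without Rails or the gem.

```ruby
# Plain-Ruby stand-ins so this runs without Rails or the gem.
# NullUser, guest?, Product and owner_id are hypothetical names.
module UserAbilities # mimics the can_*? helpers on a user model
  def can_read?(resource)
    resource.authorizer.readable_by?(self)
  end

  def can_update?(resource)
    resource.authorizer.updatable_by?(self)
  end
end

User = Struct.new(:id) do
  include UserAbilities
  def guest?; false; end
end

# Signed-out visitor: quacks like a user, is explicitly a guest.
class NullUser
  include UserAbilities
  def guest?; true; end
end

Product = Struct.new(:owner_id) do
  def authorizer
    ProductAuthorizer.new(self)
  end
end

class ProductAuthorizer
  def initialize(resource)
    @resource = resource
  end

  def readable_by?(_user) # public page: guests may read
    true
  end

  # Check guest? first: if the guest were an unsaved User.new (id nil),
  # comparing ids alone would match a product whose owner_id is nil.
  def updatable_by?(user)
    !user.guest? && user.id == @resource.owner_id
  end
end

# Takes current_user as an argument so it runs outside a controller.
def current_or_null_user(current_user)
  current_user || NullUser.new
end
```

If the guest is an unsaved User.new as in the answer above, ActiveRecord's persisted? can serve as the guest check in the authorizer instead of guest?.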