Rails 教程 — 9.3.3 Current_User [英] Rails Tutorial — 9.3.3 Current_User
问题描述
所以我正在关注 Rails 教程,并且我'已经到了我们想要使用 sign_in SessionHelper 登录用户的部分.
So I'm following the Rails Tutorial, and I've gotten to the portion where we want to sign a user in with a sign_in SessionHelper.
问题 1:
module SessionsHelper
def sign_in(user)
cookies.permanent.signed[:remember_token] = [user.id, user.salt]
current_user = user
end
def current_user=(user) #set current_user
@current_user = user
end
def current_user #get current_user
@current_user
end
我遇到困难的是以下部分:
What I'm having difficulty with is the part that reads:
问题在于它完全无法解决我们的问题:使用该代码,用户的登录状态将被忘记:只要用户转到另一个页面.
The problem is that it utterly fails to solve our problem: with the code the user's signin status would be forgotten: as soon as the user went to another page.
我不明白这是怎么回事?我继续阅读并理解添加的代码确保@current_user 永远不会为零.但是如果我们只是在第 5 行建立它,我看不到 current_user 将如何恢复为 nil.
I don't understand how this is true? I read on and understand the added code makes sure @current_user is never nil. But I'm not seeing how current_user would revert to nil if we just established it in 5th line.
问题 2:
更新后的代码如下:
module SessionsHelper
def sign_in(user) #in helper because used in view & controller
cookies.permanent.signed[:remember_token] = [user.id, user.salt]
current_user = user
end
def current_user=(user) #set current_user
@current_user = user
end
def current_user #get current_user
@current_user ||= user_from_remember_token #<-- short-circuit evaluation
end
private
def user_from_remember_token
User.authenticate_with_salt(*remember_token) #*=use [] instead of 2 vars
end
def remember_token
cookies.signed[:remember_token] || [nil, nil]
end
end
在remember_token helper 中,为什么使用cookies.signed[] 而不是cookies.permanent.signed[] &为什么它不使用我们刚刚学到的 ||= 运算符?
In the remember_token helper, why does it use cookies.signed[] instead of cookies.permanent.signed[] & why doesn't it use ||= operator we just learned about?
问题 3:
为什么我们需要authenticate_with_salt?如果我认证 &sign_in 可以看到id &来自传递给它的用户的盐属性,为什么我们需要双重检查它?什么样的情况会引发混淆?
Why do we need to authenticate_with_salt? If I authenticate & sign_in can see the id & salt attributes from the user who was passed to it, why do we need to double_check it? What kind of situation would trigger a mixup?
推荐答案
请记住,像 @current_user
这样的实例变量仅在请求期间设置.控制器和视图处理程序实例是专门为一次性渲染而创建的.
Remember that instance variables like @current_user
are only set for the duration of the request. The controller and view handler instances are created specifically for rendering once and once only.
通常很容易假设,因为您在某处设置了一个变量,它会在未来的某个时间点继续工作,但事实并非如此.要在请求之间保留某些内容,您需要将其存储在某个地方,最方便的地方是 session
工具.
It is often easy to presume that because you've set a variable somewhere that it will continue to work at some point in the future, but this is not the case. To preserve something between requests you need to store it somewhere, and the most convenient place is the session
facility.
这个例子中缺少的东西是:
What's missing in this example is something along the lines of:
def current_user
@current_user ||= User.find_by_remember_token(cookies[:remember_token])
end
通常,最好使用写访问器来映射您作为示例给出的 sign_in
方法的功能:
Generally it's a good idea to use the write accessor to map out the functionality of the sign_in
method you've given as an example:
def current_user=(user)
cookies.permanent.signed[:remember_token] = [user.id, user.salt]
@current_user = user
end
奇怪的是,当分配当前用户的行为应该与暗示相同时,有一种特定的登录"方法.
It's odd that there is a specific "sign in" method when the act of assigning the current user should be the same thing by implication.
不过,从风格来看,当一个用户正在查看另一个用户时,调用这些方法 session_user
而不是 current_user
可能更有意义.根据您的观点,当前"可以表示我当前正在查看的用户"或我当前登录的用户",这会导致混淆.会话"更具体.
From a matter of style, though, it might be more meaningful to call these methods session_user
as opposed to current_user
for those situations when one user is viewing another. "Current" can mean "user I am currently viewing" or "user I am currently logged in as" depending on your perspective, which causes confusion. "Session" is more specific.
更新:
响应你的附录,使用cookies
读取和cookies.permanent
赋值的原因与使用flash.now
很相似code> 赋值,flash
读取..permanent
和 .now
部分旨在在执行赋值运算符时使用.
In response to your addendum, the reason for using cookies
to read and cookies.permanent
to assign is much the same as using flash.now
to assign, and flash
to read. The .permanent
and .now
parts are intended to be used when exercising the assignment operator.
这篇关于Rails 教程 — 9.3.3 Current_User的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!