before_filter 与设计 [英] before_filter with devise

问题描述

我正在使用 Devise 的内置 before_filter :authenticate_user!.如果用户未通过 before 过滤器(尝试在注销时执行操作)，我想在我的应用程序助手中调用我自己的自定义方法.我可以如何以及在何处执行此操作?

解决方案

我会编写一个使用 user_signed_in? 的自定义前置过滤器.这将只返回一个布尔值，而不会执行 authenticate_user! 所做的任何重定向类型的操作.

所以，你可以像这样写一个前置过滤器:

before_filter :custom_user_auth...def custom_user_auth除非 user_signed_in?# 做自定义的东西，最终限制访问# ...受保护的资源(如果需要)结尾结尾

请注意，除非该 unless 语句的内部区域重定向或呈现，否则此 before 过滤器不会保护您的资源免受未经授权的用户的攻击.<​​/p>

I'm using Devise's built in before_filter :authenticate_user!. I want to call my own custom method in my application helper if a user fails the before filter (tries to do an action when logged out). How and where can I do this?

解决方案

I would write a custom before filter that uses user_signed_in?. This will just return a boolean, and not do any of the redirect-type actions that authenticate_user! does.

So, you could write a before filter like this:

before_filter :custom_user_auth
...
def custom_user_auth
    unless user_signed_in?
        # Do custom stuff, ultimately restricting access to the 
        # ...protected resource if it needs to be
    end
end

Do note that this before filter won't protect your resource from unauthorized users unless the inside area of that unless statement redirects or renders.

这篇关于before_filter 与设计的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！