Multiple before_filter statements for correct_user and admin
Problem description
I have a Group resource that I'm trying to set up with proper authorizations.
The authorization logic I'm trying to implement is this:
- Only group members should be able to view their group.
- An admin can view any group, as well as take other actions.
I'm attempting to do this with the following before_filter statements in the group controller:
before_filter :signed_in_user
before_filter :correct_user, only: :show
before_filter :admin_user, only: [:show, :index, :edit, :update, :destroy]
Correct_user works as I have verified that only group members can view their group. However, what I want to happen is for the admin :show clause to override this, so that an admin can view any group. Currently that is not working. I'm guessing I have something wrong here with my filter ordering and options.
Can someone tell me where I've gone wrong?
EDIT
Adding my method code per Amar's request:
private

def correct_user
  # User has to be a member to view
  @group = Group.find(params[:id])
  redirect_to(root_path) if @group.members.find_by_member_id(current_user).nil?
end

def admin_user
  redirect_to(root_path) unless current_user.admin?
end
Update the correct_user method, or create another method with the following definition, remove show from the other filter, and add a before_filter with the new method.
def correct_user
  @group = Group.find(params[:id])
  # Redirect only when the user is neither a member of the group nor an admin
  redirect_to(root_path) if @group.members.find_by_member_id(current_user).nil? && !current_user.admin?
end
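An added example, not part of the original post and not Rails itself: a plain-Ruby model of the filter chain showing that two separate filters covering :show must both pass, while the answer's single combined check admits a member or an admin. FilterChain, the lambdas and the sample users and group are hypothetical names constructed for illustration.

```ruby
# Minimal model of a before_filter chain (constructed; not Rails itself):
# filters run in order and the first one that redirects halts the request.
User = Struct.new(:id, :admin) do
  def admin?; admin; end
end
Group = Struct.new(:id, :member_ids)

class FilterChain
  def initialize(filters)
    @filters = filters # list of [name, actions-or-nil, check lambda]
  end

  # Returns :ok if every applicable filter passes, else [:redirect, filter_name].
  def run(action, user, group)
    @filters.each do |name, only, check|
      next if only && !only.include?(action)
      return [:redirect, name] unless check.call(user, group)
    end
    :ok
  end
end

MEMBER = ->(user, group) { group.member_ids.include?(user.id) }
ADMIN  = ->(user, _group) { user.admin? }

# The question's configuration: two separate filters both cover :show,
# so a request must satisfy member AND admin.
ORIGINAL = FilterChain.new([
  [:correct_user, [:show], MEMBER],
  [:admin_user, [:show, :index, :edit, :update, :destroy], ADMIN]
])

# The answer's configuration: one filter for :show that passes for a member
# OR an admin; :show is removed from the admin-only filter.
FIXED = FilterChain.new([
  [:correct_user, [:show], ->(u, g) { MEMBER.call(u, g) || ADMIN.call(u, g) }],
  [:admin_user, [:index, :edit, :update, :destroy], ADMIN]
])

GROUP    = Group.new(1, [10])   # constructed sample data
MEMBER_U = User.new(10, false)  # group member, not an admin
ADMIN_U  = User.new(20, true)   # admin, not a group member
OUTSIDER = User.new(30, false)  # neither
```

The same reasoning applies to any access rule split across several filters: each filter is a separate gate, so an "either role may pass" rule has to live inside one check.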