RoR | Devise redirect loop because of cancan authorize
Problem description
Here is my application.rb
class ApplicationController < ActionController::Base
  protect_from_forgery
  rescue_from CanCan::AccessDenied do |exception|
    flash[:error] = "You must first login to view this page"
    session[:user_return_to] = request.url
    redirect_to "/users/sign_in"
  end
end
This will redirect the user to the login page if the AccessDenied is thrown and the user is not logged in ("works nicely"), but once logged in it will cause a redirect loop if logged in but not authorized by cancan, since the login page will just redirect them right back via session[:user_return_to] = request.url.
The question is: how do I handle this logic if the user is logged in but not authorized?
Recommended answer
I added a little condition to make this work.
class ApplicationController < ActionController::Base
  protect_from_forgery
  # Redirects to login for secure resources
  rescue_from CanCan::AccessDenied do |exception|
    if user_signed_in?
      flash[:error] = "Not authorized to view this page"
      session[:user_return_to] = nil
      redirect_to root_url
    else
      flash[:error] = "You must first login to view this page"
      session[:user_return_to] = request.url
      redirect_to "/users/sign_in"
    end
  end
end
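The loop described in the question and the effect of the answer's condition, modeled in plain Ruby as an added example (not code from the original post). No Rails, Devise or CanCan is loaded; the path /admin/reports and the rule that the login page sends an already signed-in visitor to session[:user_return_to] are assumptions taken from the question's description.

```ruby
# Constructed model of the request flow; nothing here is Devise or CanCan code.
LOGIN     = "/users/sign_in"
ROOT      = "/"
PROTECTED = "/admin/reports" # hypothetical page the visitor's role may not view

# Handler from the question: every AccessDenied goes to the login page.
ORIGINAL = lambda do |session, url, _signed_in|
  session[:user_return_to] = url
  LOGIN
end

# Handler from the answer: only anonymous visitors go to the login page.
FIXED = lambda do |session, url, signed_in|
  if signed_in
    session[:user_return_to] = nil # drop the stored location so nothing sends them back
    ROOT
  else
    session[:user_return_to] = url
    LOGIN
  end
end

# Follow redirects for one visitor and return [outcome, hops_taken].
def browse(handler, signed_in:, authorized:, max_hops: 10)
  session = {}
  url = PROTECTED
  max_hops.times do |hop|
    case url
    when PROTECTED
      return [:page_shown, hop] if signed_in && authorized
      url = handler.call(session, url, signed_in) # AccessDenied rescued here
    when LOGIN
      return [:login_form, hop] unless signed_in
      # Assumption: a signed-in visitor is bounced to the stored location.
      url = session.delete(:user_return_to) || ROOT
    else
      return [:root_shown, hop]
    end
  end
  [:redirect_loop, max_hops] # never settled on a page
end

if __FILE__ == $PROGRAM_NAME
  { "original" => ORIGINAL, "fixed" => FIXED }.each do |name, handler|
    p [name, browse(handler, signed_in: true, authorized: false)]
  end
end
```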