使用用户或管理模式和Basecamp样式子域名设计登录 [英] Devise login with user or admin models and Basecamp style subdomains

问题描述

对于Devise用户和管理员，我有不同的模型。我也使用Basecamp风格的子域名。一切都很好，除了几个控制器和动作，我需要能够作为用户或管理员进行身份验证。

目前我有authenticate_user！设置在我的application_controller.rb中，我用skip_before_filter跳过这些控制器和只有管理员可以访问的操作。

不幸的是，我不能简单地指定认证要求每个控制器，我仍然需要一些控制器和操作来访问用户或管理员。

我已经尝试了一些事情无济于事。看来如果我移动authenticate_user！和authenticate_admin！进入某种无法处理的子域检测逻辑。基本上：

  current_subdomain = request.subdomains.first 
如果current_subdomain =='admin'
 authenticate_admin！ 
 else 
 authenticate_user！ 
 end 
  

我曾经有一次能够尝试身份验证，但是有一些原因，除了会话控制器不需要认证，导致重定向循环（对于我来说是Ruby的第一个）。

我意识到我可以添加我的用户的一个字段表示管理员状态，但除了几个控制器和操作之外，应用程序需要比用户和管理员之间更大的权力分配。

• Ruby 1.9.2


• Rails 3.0.3


• Devise 1.1.3

解决方案

尝试在

 ＃application_controller.rb 
 def authenticate_any！ 
 if admin_signed_in？ 
 true 
 else 
 authenticate_user！ 
 end 
 end 
  

然后在控制器中你想要管理员和用户能够通过身份验证使用

 ＃myobject_controller.rb 
 before_filter：authenticate_any！ 
  

如果您以管理员身份登录，那么您将传递before_filter，否则您将通过authenticate_user ！这是默认行为。

I have separate models for Devise users and admins. I am also using Basecamp style subdomains. Everything is working well except for a few controllers and actions where I need to be able to authenticate as either a user or as an admin.

Currently I have authenticate_user! set in my application_controller.rb and I am skipping it with skip_before_filter for those controllers and actions that only admins should have access to.

Unfortunately I cannot simply specify the authentication requirement on each controller as I will still need some controllers and action to be access by both a User or an Admin.

I have tried a few things to no avail. It seems that if I move the authenticate_user! and authenticate_admin! into some sort of subdomain detection logic it fails to process. Basically:

current_subdomain = request.subdomains.first    
if current_subdomain == 'admin'
 authenticate_admin!
else
 authenticate_user!
end

I was, at one point, able to get it to attempt authentication but for some reason it was failing to except the session controller from needing authentication which resulted in a redirection loop (a first for me with Ruby!).

I realize that I could add a field to my User that denotes admin status, but the application requires a greater separation of powers between User and Admin than that will allow, except for a few controllers and actions.

• Ruby 1.9.2
• Rails 3.0.3
• Devise 1.1.3

解决方案

Try writing your own before filter along the lines of

#application_controller.rb
def authenticate_any!
    if admin_signed_in?
        true
    else
        authenticate_user!
    end
end

then in the controller where you want both admins and user to be able to have access through authentication use

#myobject_controller.rb
before_filter :authenticate_any!

If you have logged in as an admin then you will pass the before_filter, otherwise you will go through authenticate_user! which is the default behaviour.

这篇关于使用用户或管理模式和Basecamp样式子域名设计登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！