允许匿名/来宾用户“尝试”功能，无需在Rails / Devise / CanCan应用程序中注册 [英] Allow anonymous/guest user to "try out" functionality without registering in Rails/Devise/CanCan app

问题描述

我正在使用Devise和CanCan开发一个Rails 3应用程序。

I'm developing a Rails 3 app using Devise and CanCan.

该应用允许匿名（未注册）用户访问某些应用程序和注册用户访问其他部分。

The app allows anonymous (not registered) users to access some of the app, and registered users to access other parts.

应用程序的一个方面（瑜伽锻炼应用程序）是用户可以通过将瑜伽姿势串在一起来创建瑜伽序列，然后可以播放他们在视频播放器中。

One aspect of the app (a yoga workout app) is that users can create Yoga sequences by stringing together yoga poses, then they can play them back in a video player.

我目前拥有注册用户的所有功能，但现在希望允许匿名用户创建一个序列，然后播放，但是要保存（即可以在任何后续会话中再次使用它），他们需要注册。

I currently have all the functioning for registered users, but now want to allow anonymous users to be able to create a sequence, and play it back, but to "save" it (ie. be able to use it again on any subsequent session), they need to register.

目前，这需要实际创建一个序列模型实例属于一个用户（简化如下）

Currently, this requires the actual creation of a Sequence model instance, which belongs to a User (simplified below)

class Sequence < ActiveRecord::Base

  validates_presence_of :name
  validate :status_must_be_private_if_user_nil

  # Associations
  has_many :ordered_asana_sequences, :class_name => "OrderedAsanaSequence", :order => 'position ASC', :dependent => :destroy
  has_many :asanas, :through => :ordered_asana_sequences

  belongs_to :user


  def status_must_be_private_if_user_nil
  errors.add(:status, "must be private is user is nil") if
    user == nil and status != :private
  end
end

但是，当然，匿名用户没有用户模型。

But, of course, Anonymous users do not have a User model.

我有一些被黑客攻击的东西，其中Sequences DO属于用户，但它不是强制性的user_id可以为零，如上图所示），通过CanCan保护编辑的能力：

I have sort of hacked something up where Sequences DO belong to Users, but its not mandatory (user_id can be nil, as you can see above), and the ability to edit is secured through CanCan:

class Ability
    {snip}
    # A guest can play with creating sequences
    can :create, [Sequence]
    # A guest can edit/update their own Sequences
    can :update, [Sequence], :user_id => user.id
end

但是，这意味着任何匿名用户（user_id = nil）可以编辑任何其他匿名用户的序列。我猜这不是世界的尽头，但是我更希望它更安全。

But, this means that any anonymous user (user_id = nil) can edit any other anonymous user's sequences. Which, I guess isn't the end of the world, but, I would prefer it to be more secure.

• 如果访客用户去制作序列，生成电子邮件和密码，并注册此访客用户。然后将新的序列模型分配给新的用户。如果用户决定注册真实，只需使用新的电子邮件和密码更新现有的用户记录。


• 优点：需要在注册过程中处理它。


• 缺点：可能会导致许多死亡用户帐户， li>
  

• If a guest user goes to make a sequence, generate an email and password and 'register' this "guest" user. Then assign the new sequence model to this new user. If the user decides to register for real, just update the existing user record with the new email and password.
• Advantages: Very few changes to existing app - only need to deal with it in the "registration" process.
• Drawbacks: may end up with lots of dead user accounts that I need to sweep up after

• 如果访客用户要进行排序，当他们想要保存时，将其拍摄到将序列化模型并将其存储在会话中的控制器方法。然后，序列播放器，我猜，序列编辑器可以选择从会话而不是数据存储拉它


• 优点：没有创建用户帐户客人，所以不需要清理。没有必要处理修改能力，因为客人不会从数据存储区获取模型，而是从他们的会话中获取模型。


• 缺点：似乎是黑客。在应用程序中需要很多接触点才能确定从哪里获取序列号。更高的错误潜力

• If a guest user goes to make a sequence, when they want to "save" it, shoot it to a controller method that serializes the model and stores it in the session. Then, the Sequence player and, I guess, the Sequence Editor can optionally pull it from the session instead of the Datastore
• Advantages: No creation of user accounts for guests, so no need for cleanup. No need to deal with modifying Abilities, as the guest won't be fetching models from the Datastore, but from their session.
• Disadvantages: Seems hacky. Will need a lot of touchpoints in the app to determine where to get the sequence from. Higher potential for bugs

• 优点：这将是辉煌的


• 缺点： strong>不知道该怎么做。

• Advantages: It will be brilliant
• Disadvantages: No clue what to do.

我希望有一些我在Devise中看不到的东西（可能是可邀请的？ ），这将是更干净，然后滚动所有自己。

I'm hoping that there's something I haven't seen in Devise (inviteable, perhaps?) that would be cleaner then rolling it all myself.

或者，有没有任何建议这个问题？这似乎是一个相对常见的要求，但无法发现任何指导。

Or, does anybody have any suggestions for this problem? This seems like a relatively common requirement, but was unable to unearth any guidance.

谢谢！

推荐答案

在Ryan的CanCan介绍中，他提供以下建议：

In Ryan's introduction to CanCan he offers the following suggestion:

为网站上的访客用户在内存中创建一个新的用户对象，但是不要保存这样，您需要关联到用户的所有功能仍然可以正常工作，但不会保存。

Make a New User object in memory for guest users on the site, but don't save it. This way all of your functions that need to associate to a user will still work, but they won't save.

请参阅railscast这里： http://railscasts.com/episodes/192-authorization-with-cancan

See the railscast here: http://railscasts.com/episodes/192-authorization-with-cancan

Ryan的代码示例是：

Ryan's code example is:

class Ability  
  include CanCan::Ability  

  def initialize(user)  
    user ||= User.new # This initializer is creating your memory-only guest users

    if user.role? :admin  
      can :manage, :all  
    else  
      can :read, :all  
      can :create, Comment  
      can :update, Comment do |comment|  
        comment.try(:user) == user || user.role?(:moderator)  
      end  
      if user.role?(:author)  
        can :create, Article  
        can :update, Article do |article|  
          article.try(:user) == user  
        end  
      end  
    end  
  end  
end

所以，在您的应用程序中，如果您使用这种方法，那么在您的视图中，您可以检查 current_user.new_record？，并为注册用户和客人提供不同的保存按钮。

So, in your app if you used this approach, then in your view you could check for current_user.new_record?, and rendering a different "save" button for registered users versus guests.

您可以使这很简单（避免将其存储在会话等中）在序列创建页面上提供隐藏的帐户注册表单。然后，只需让您的保存按钮显示客户创建表单，并在提交表单时同时提交用户注册和序列创建。

You could make this pretty simple (avoiding storing this in session etc.) by providing a hidden account signup form on the sequence creation page. Then just make your "save" button for guests reveal the account creation form, and when they submit that form they're submitting a user registration and a sequence creation at the same time.

然后所有的序列＃创建需要做的操作就是这样：

Then all your Sequences#create action needs to do is something like:

...
current_user.update_attributes(params[:user]) if current_user.new_record?

if current_user.sequences.create(params[:sequence])
   redirect_to ...
else
   render ...
end
...

您需要将其转换为工作代码，但我有信心想法会奏效。

You'll need to turn that into working code but I'm confident the basic idea would work.

祝你好运！

这篇关于允许匿名/来宾用户“尝试”功能，无需在Rails / Devise / CanCan应用程序中注册的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！