绕过特定记录的公开授权的最佳方式是什么? [英] What is the best way to bypass devise authorization for a specific record marked public
本文介绍了绕过特定记录的公开授权的最佳方式是什么?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
布尔标志 public 的事件模型。如果事件被标记为 public => true ,那么我希望任何人登录或不能使用
GET / events /:id
如果标记为 public => false ,那么一系列cancan能力将决定授权和访问上述资源。
实现此目的的最佳模式是什么? / p>
解决方案
你可以通过跳过authenticate_user来做到这一点!如果你有这个参数
skip_before_filter:authenticate_user !,:only => :show,if => lambda {
如果params [:id]
@event = Event.find(params [:id])
@event和@ event.public?
else
false
end
}
I'm using devise and cancan in a Rails 3.2 project. I have an event model with a boolean flag public. If the event is marked as public => true then I want anybody, signed in or not to be able to access the record with
GET /events/:id
If it is marked as public => false then a series of cancan abilities will decide authorization and access to the above resource.
What is the best pattern for achieving this?
解决方案
You can do that by skip the authenticate_user! in case of you have this args
skip_before_filter :authenticate_user!, :only => :show, :if => lambda {
if params[:id]
@event = Event.find(params[:id])
@event and @event.public?
else
false
end
}
这篇关于绕过特定记录的公开授权的最佳方式是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文