rails 3:使用设备进行身份验证,还可以使用guid而不是登录来访问报告页面 [英] rails 3: using devise for authentication, how to ALSO allow access to a report page with a guid instead of login
问题描述
我的rails 3应用程序只需要每个帐户一个用户登录(例如,没有角色)。我正在使用Devise,并非常高兴。
但是我的用户需要能够与其他经理分享几个屏幕(状态报告)不需要或想要登录帐户...
我正在考虑为每个这样的外部报告(每个帐户+报告唯一)创建和存储一个guid链接如
http://myapp.mydomain.com/pagename?token=GUID_GOES_HERE
将访问该页面(但只有该页面)
问题: / p>
a)有一种方法允许登录的帐户用户访问页面,但还允许guid绕过设计认证
b)是否有更好的方式为帐户用户(例如,区域经理)与未登录的用户(例如商店经理)分享某些报告屏幕?
如果这些页面不需要登录,那么他们不是真正的公共页面?听起来像我应该创建一个不需要登录但需要令牌的新控制器。路线可能是这样的,
get'public_reports /:token'=> 'public_reports#view'
控制器操作会根据令牌发现报表,并呈现适当的视图。
class PublicReport< ApplicationController
skip_before_filter:authenticate_user !,:only => [:view]
def view
@report = Report.find_by_token(params [:token])
如果@report
#render view ...
else
#render report_missing view
end
end
end
My rails 3 app only needs a single user login per account (e.g., no roles). I'm using Devise and am very happy with it.
But my users needs to be able to share a few of the screens (status reports mostly) with other managers who do not need or want login accounts...
I was thinking of creating and storing a guid for each such 'external' report (unique for each account+report) so a link such as
http://myapp.mydomain.com/pagename?token=GUID_GOES_HERE
would access that page (but ONLY that page)
Questions:
a) is there a way to allow the logged-in account user to access a page but ALSO allow a guid to bypass the devise authentication
b) is there a better way for account Users (say, a regional manager) to share certain report screens with non-logged-in users (say, store managers)?
If those pages do not require login then they aren't they truly public pages? Sounds to me like you should create a new controller that does not require login but requires the token. the route could be something like,
get 'public_reports/:token' => 'public_reports#view'
And the controller action would find that report based off the token and render the appropriate view..
class PublicReport < ApplicationController
skip_before_filter :authenticate_user!, :only => [:view]
def view
@report = Report.find_by_token(params[:token])
if @report
#render view...
else
#render report_missing view
end
end
end
这篇关于rails 3:使用设备进行身份验证,还可以使用guid而不是登录来访问报告页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!