Cancan + Devise rescue_from不捕捉异常 [英] Cancan + Devise rescue_from not catching exception
问题描述
我正在使用Devise和Cancan进行用户身份验证和权限。一切都很好,除非我们不能将用户重定向到登录页面,因为他们不允许访问特定功能。
我的测试是:
功能'已登录用户'do
before(:each)do
user = FactoryGirl.create(用户)
访问/ login
fill_inuser_email,:with => user.email
fill_inuser_password,:with => ilovebananas
click_button登录
结束
场景不应该访问管理员信息板'do
访问'/ admin'
页面.should have_content'登录'
end
end
我得到以下失败:
失败:
1)登录用户不应该访问管理控制台
失败/错误:访问'/ admin'
CanCan :: AccessDenied:
您无权访问此页面。要清楚的是,我所有的权限管理工作到目前为止都是如此,除了重定向到登录页面。
以下是如何设置:
ApplicationController:
check_authorization:unless => :devise_controller? #Cancan
rescue_from CanCan :: AccessDenied do | exception |
redirect_to login_path,alert:exception.message
end
UsersController
class UsersController< ApplicationController
load_and_authorize_resource#Cancan
def queue
...
end
...
end
AdminsController
class AdminController< ActionController :: Base
authorize_resource:class => false#Cancan,因为AdminController没有关联的模型使用
...
end
ability.rb
class能力
包含CanCan ::能力
def initialize(user)
user || = User.new#guest用户,未登录
可以:queue,User
如果用户.has_permission? :super_admin
可以:管理,全部
elsif user.has_permission? :network_admin
end
end
end
我缺少什么?
解决方案我的管理员控制器不是< ApplicationController,所以没有加载ApplicationController rescue_from方法。
使更改解决了我的问题。
I am implementing Devise and Cancan for user authentication and permissions. Everything works great so far except I am not able to redirect users to the login page when they are not allowed to access a specific feature.
My test is:
feature 'A signed in user' do
before(:each) do
user = FactoryGirl.create(:user)
visit "/login"
fill_in "user_email", :with => user.email
fill_in "user_password", :with => "ilovebananas"
click_button "Sign in"
end
scenario 'should not have access to admin dashboard' do
visit '/admin'
page.should have_content 'Log in'
end
end
And I get the following failure:
Failures:
1) A signed in user should not have access to admin dashboard
Failure/Error: visit '/admin'
CanCan::AccessDenied:
You are not authorized to access this page.
To be clear, all my permission management works as expected so far, except the redirection to login page.
Here is how things are set up:
ApplicationController:
check_authorization :unless => :devise_controller? # Cancan
rescue_from CanCan::AccessDenied do |exception|
redirect_to login_path, alert: exception.message
end
UsersController
class UsersController < ApplicationController
load_and_authorize_resource # Cancan
def queue
...
end
...
end
AdminsController
class AdminController < ActionController::Base
authorize_resource :class => false # Cancan, used because AdminController doesn't have an associated model
...
end
ability.rb
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user, not logged in
can :queue, User
if user.has_permission? :super_admin
can :manage, :all
elsif user.has_permission? :network_admin
end
end
end
What am I missing?
解决方案 My Admins Controller was not < ApplicationController, so it did not load the ApplicationController rescue_from method.
Making the change solved my issue.
这篇关于Cancan + Devise rescue_from不捕捉异常的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!