Cancan + Devise rescue_from不捕捉异常 [英] Cancan + Devise rescue_from not catching exception

问题描述

我正在使用Devise和Cancan进行用户身份验证和权限。一切都很好，除非我们不能将用户重定向到登录页面，因为他们不允许访问特定功能。

我的测试是：

 功能'已登录用户'do 
 before（：each）do 
 user = FactoryGirl.create（用户）
访问/ login
 fill_inuser_email，：with => user.email 
 fill_inuser_password，：with => ilovebananas
 click_button登录
结束
 
场景不应该访问管理员信息板'do 
访问'/ admin'
页面.should have_content'登录'
 end 
 end 
  

我得到以下失败：

 失败：
 1）登录用户不应该访问管理控制台
失败/错误：访问'/ admin'
 CanCan :: AccessDenied：
您无权访问此页面。要清楚的是，我所有的权限管理工作到目前为止都是如此，除了重定向到登录页面。 
 
 
 
 
 
 
以下是如何设置：
 
 
 
  ApplicationController： 
  check_authorization：unless => ：devise_controller？ ＃Cancan 
 
 rescue_from CanCan :: AccessDenied do | exception | 
 redirect_to login_path，alert：exception.message 
 end 
  
  UsersController  
  class UsersController< ApplicationController 
 load_and_authorize_resource＃Cancan 
 def queue 
 ... 
 end 
 
 ... 
 end 
  
  AdminsController  
  class AdminController< ActionController :: Base 
 authorize_resource：class => false＃Cancan，因为AdminController没有关联的模型使用
 ... 
 end 
  
  ability.rb  
  class能力
包含CanCan ::能力
 
 def initialize（user）
 user || = User.new＃guest用户，未登录
可以：queue，User 
 
如果用户.has_permission？ ：super_admin 
可以：管理，全部
 elsif user.has_permission？ ：network_admin 
 
 end 
 end 
 end 
  
我缺少什么？
解决方案
我的管理员控制器不是< ApplicationController，所以没有加载ApplicationController rescue_from方法。 
 
 
 
使更改解决了我的问题。
 
I am implementing Devise and Cancan for user authentication and permissions. Everything works great so far except I am not able to redirect users to the login page when they are not allowed to access a specific feature.

My test is:
feature 'A signed in user' do
  before(:each) do
    user = FactoryGirl.create(:user)
    visit "/login"
    fill_in "user_email", :with => user.email
    fill_in "user_password", :with => "ilovebananas"
    click_button "Sign in"
  end

  scenario 'should not have access to admin dashboard' do
    visit '/admin'
    page.should have_content 'Log in'
  end
end
And I get the following failure:
Failures:
      1) A signed in user should not have access to admin dashboard
         Failure/Error: visit '/admin'
         CanCan::AccessDenied:
         You are not authorized to access this page.
To be clear, all my permission management works as expected so far, except the redirection to login page.



Here is how things are set up:

ApplicationController:
check_authorization :unless => :devise_controller? # Cancan

rescue_from CanCan::AccessDenied do |exception|
  redirect_to login_path, alert: exception.message
end
UsersController
class UsersController < ApplicationController
  load_and_authorize_resource         # Cancan
  def queue  
    ...
  end

  ...
end
AdminsController
class AdminController < ActionController::Base
  authorize_resource :class => false # Cancan, used because AdminController doesn't have an associated model
  ...
end
ability.rb
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user, not logged in
    can :queue, User

    if user.has_permission? :super_admin
      can :manage, :all
    elsif user.has_permission? :network_admin

    end      
  end
end
What am I missing?
解决方案
My Admins Controller was not < ApplicationController, so it did not load the ApplicationController rescue_from method. 

Making the change solved my issue.

                        
这篇关于Cancan + Devise rescue_from不捕捉异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！