如何为访客用户正确配置Devise + Cancan [英] How to configure Devise+Cancan correctly for guest users

问题描述

在Rails 3.2应用程序中，我使用的是Devise + CanCan。该应用程序以前限制只访问登录用户。我正在添加一个访客用户/能力，可以阅读网站的某些部分。

In a Rails 3.2 app I'm using Devise + CanCan. The app previously restricted access to only logged in users. I'm in the process of adding a Guest user/ability that will be able to read certain sections of the site.

我无法理解正确方式来设置这个，具体来说在控制器中需要 before_filter：authenticate！和 load_and_authorize_resource 的组合。

I'm having trouble understanding the "correct" way to set this up, specifically what combination of before_filter :authenticate! and load_and_authorize_resource is needed in controllers.

在工作的同时，我将能力等级降至最低。

While working on this I've stripped the ability class to a minimum.

#Ability.rb
class Ability
  include CanCan::Ability

  def initialize(user_or_admin)
    user_or_admin ||= User.new

    can :manage, :all
  end
end

无/静态页面控制器

#home_controller.rb
class HomeController < ApplicationController
  load_and_authorize_resource
  def index
    ...some stuff
  end
end

和

#application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :authenticate!
  ...more stuff
end

有了这个设置，登录用户被重定向到Devise登录页面。

With this set up, un-logged-in users are redirected to Devise sign in page.

如果我从应用程序中删除 before_filter：authenticate！控制器我从 activesupport-3.2.11 / lib / active_support / inflector / methods.rb 中收到错误 uninitialized constant Home

If I remove before_filter :authenticate! from the application controller I get an error uninitialized constant Home from activesupport-3.2.11/lib/active_support/inflector/methods.rb

如果我从家庭控制器中删除 load_and_authorize_resource ，则此错误消失。

If I remove load_and_authorize_resource from the home controller, this error goes away.

我的简化测试能力类可以，但是当我开始添加角色和能力时，我需要让CanCan处理家庭控制器，即需要 load_and_authorize_resource 被调用。

This is ok with my simplified testing Ability class, but as I start adding roles and abilities back in I will need to have CanCan handling the Home controller, i.e., will need load_and_authorize_resource to be called.

任何人都可以帮助我了解为什么在 before_filter：authenticate！被删除，并指向任何解释为访客用户设置Devise + Cancan的正确方式的信息。我发现的信息到目前为止只解释了如何设置能力类，而不是如何配置Devise。

Can anyone help me understand why this error occurs when before_filter :authenticate! is removed, and point me towards any info that explain the "correct" way to set up Devise+Cancan for guest users. The info I've found thus far only explains how to set up the Ability class, not how to configure Devise.

推荐答案

问题是没有资源授权。因此，您只需调用 authorize_resource 而不是 load_and_authorize_resource 。有关更多信息，请参阅cancan文档中的授权控制器操作。

The problem is that there is no resource to authorize. Therefore, you need only call authorize_resource not load_and_authorize_resource. See authorizing controller actions in the cancan documentation for further information.

更新：您还必须将类指定为false： authorize_resource class：false 。

Update: You must also specify the class as false: authorize_resource class: false.

然后，您的家庭控制器将如下所示：

Then your home controller will look like this:

class HomeController < ActionController::Base
  authorize_resource class: false

  def show
    # automatically calls authorize!(:show, :home)
  end
end

此信息位于非RESTful控制器部分。对于那个很抱歉。

This information is in the Non-RESTful controllers section. Sorry about that.

这篇关于如何为访客用户正确配置Devise + Cancan的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！