如何为访客用户正确配置Devise + Cancan [英] How to configure Devise+Cancan correctly for guest users
问题描述
在Rails 3.2应用程序中,我使用的是Devise + CanCan。该应用程序以前限制只访问登录用户。我正在添加一个访客用户/能力,可以阅读网站的某些部分。
In a Rails 3.2 app I'm using Devise + CanCan. The app previously restricted access to only logged in users. I'm in the process of adding a Guest user/ability that will be able to read certain sections of the site.
我无法理解正确方式来设置这个,具体来说在控制器中需要 before_filter:authenticate!
和 load_and_authorize_resource
的组合。
I'm having trouble understanding the "correct" way to set this up, specifically what combination of before_filter :authenticate!
and load_and_authorize_resource
is needed in controllers.
在工作的同时,我将能力等级降至最低。
While working on this I've stripped the ability class to a minimum.
#Ability.rb
class Ability
include CanCan::Ability
def initialize(user_or_admin)
user_or_admin ||= User.new
can :manage, :all
end
end
无/静态页面控制器
#home_controller.rb
class HomeController < ApplicationController
load_and_authorize_resource
def index
...some stuff
end
end
和
#application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :authenticate!
...more stuff
end
有了这个设置,登录用户被重定向到Devise登录页面。
With this set up, un-logged-in users are redirected to Devise sign in page.
如果我从应用程序中删除 before_filter:authenticate!
控制器我从 activesupport-3.2.11 / lib / active_support / inflector / methods.rb
中收到错误 uninitialized constant Home
If I remove before_filter :authenticate!
from the application controller I get an error uninitialized constant Home
from activesupport-3.2.11/lib/active_support/inflector/methods.rb
如果我从家庭控制器中删除 load_and_authorize_resource
,则此错误消失。
If I remove load_and_authorize_resource
from the home controller, this error goes away.
我的简化测试能力类可以,但是当我开始添加角色和能力时,我需要让CanCan处理家庭控制器,即需要 load_and_authorize_resource
被调用。
This is ok with my simplified testing Ability class, but as I start adding roles and abilities back in I will need to have CanCan handling the Home controller, i.e., will need load_and_authorize_resource
to be called.
任何人都可以帮助我了解为什么在 before_filter:authenticate!
被删除,并指向任何解释为访客用户设置Devise + Cancan的正确方式的信息。我发现的信息到目前为止只解释了如何设置能力类,而不是如何配置Devise。
Can anyone help me understand why this error occurs when before_filter :authenticate!
is removed, and point me towards any info that explain the "correct" way to set up Devise+Cancan for guest users. The info I've found thus far only explains how to set up the Ability class, not how to configure Devise.
推荐答案
问题是没有资源授权。因此,您只需调用 authorize_resource
而不是 load_and_authorize_resource
。有关更多信息,请参阅cancan文档中的授权控制器操作。
The problem is that there is no resource to authorize. Therefore, you need only call authorize_resource
not load_and_authorize_resource
. See authorizing controller actions in the cancan documentation for further information.
更新:您还必须将类指定为false: authorize_resource class:false
。
Update: You must also specify the class as false: authorize_resource class: false
.
然后,您的家庭控制器将如下所示:
Then your home controller will look like this:
class HomeController < ActionController::Base
authorize_resource class: false
def show
# automatically calls authorize!(:show, :home)
end
end
此信息位于非RESTful控制器部分。对于那个很抱歉。
This information is in the Non-RESTful controllers section. Sorry about that.
这篇关于如何为访客用户正确配置Devise + Cancan的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!