我正在构建一个Rails应用程序,允许用户创建和预订事件。我已经将twitter omniauth gem与设计集成在一起。它会正确登录并重定向,但是当我点击链接创建活动或预订活动时,应用会将我重定向回登录页面。我已经设置了网站,以便只有已登录的用户可以执行此操作,但它似乎并不能涵盖omniauth集成。 如果我使用Twitter登录,我也无法从一个用户退出到另一个用户。我想添加Facebook身份验证但是想先修复此问题。我缺少哪些代码(包括验证)来涵盖这些功能?
到目前为止,这是相关的代码 -
事件控制器 -
class EventsController < ApplicationController
before_action :find_event, only: [:show, :edit, :update, :destroy,]
# the before_actions will take care of finding the correct event for us
# this ties in with the private method below
before_action :authenticate_user!, except: [:index, :show]
# this ensures only users who are signed in can alter an event
def index
if params[:category].blank?
@events = Event.all.order("created_at DESC")
else
@category_id = Category.find_by(name: params[:category]).id
@events = Event.where(category_id: @category_id).order("created_at DESC")
end
# The above code = If there's no category found then all the events are listed
# If there is then it will show the EVENTS under each category only
end
def show
end
def new
@event = current_user.events.build
# this now builds out from a user once devise gem is added
# after initially having an argument of Event.new
# this assigns events to users
end
# both update and create actions below use event_params as their argument with an if/else statement
def create
@event = current_user.events.build(event_params)
# as above this now assigns events to users
# rather than Event.new
if @event.save
redirect_to @event, notice: "Congratulations, you have successfully created a new event."
else
render 'new'
end
end
def edit
# edit form
# @edit = Edit.find(params[:id])
@event = current_user.events.find(params[:id])
end
def update
if @event.update(event_params)
redirect_to @event, notice: "Event was successfully updated!"
else
render 'edit'
end
end
def destroy
@event.destroy
redirect_to root_path
end
private
def event_params
params.require(:event).permit(:title, :location, :date, :time, :description, :number_of_spaces, :is_free, :price, :organised_by, :url, :image, :category_id)
# category_id added at the end to ensure this is assigned to each new event created
end
def find_event
@event = Event.find(params[:id])
end
end
应用程序控制器 -
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :name
devise_parameter_sanitizer.for(:account_update) << :name
end
# the application controller
# handles everything across the site
# make the current_user AND the logged_in? available to
# be used in the views as well as the controllers
helper_method :current_user
helper_method :logged_in?
helper_method :logged_out?
def current_user
# this is who I am signed in as
@current_user = User.find(session[:uid])
end
def logged_in?
# am i logged in?
# do i have a cookie called uid?
session[:uid].present?
end
def make_sure_logged_in
# If I'm not logged in, redirect me to the log in page
if not logged_in?
flash[:error] = "You must be signed in to see that page"
redirect_to new_session_path
end
end
def logged_out?
session[:uid] = nil
flash[:success] = "You've logged out"
redirect_to root_path
end
end
index.html.erb - 活动
<header>
<div class="category">
<%= link_to image_tag('MamaKnows.png'), root_path, id: "home" %>
<% Category.all.each do |category| %>
<li><%= link_to category.name, events_path(category: category.name) %></li>
<% end %>
<!-- The code loop above creates category links to the home page -->
</div>
<nav id="nav">
<% if logged_in? %>
<%= link_to 'Create Event', new_event_path %>
<%= link_to 'Account', user_path(current_user) %>
<%= link_to 'Sign out', destroy_user_session_path, :method => :delete %>
<% else %>
<%= link_to "Create an Event", new_user_session_path %>
<% end %>
</nav>
</header>
<% @events.each do |event| %>
<%= link_to (image_tag event.image.url), event %>
<h2><%= link_to event.title, event %></h2>
<h2><%= link_to event.date.strftime('%A, %d %b %Y'), event %></h2>
<% end %>
OmniauthCallback Controller
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def twitter
@details = request.env["omniauth.auth"]
@provider = @details["provider"]
@provider_id = @details["uid"]
@user = User.where(provider: @provider, provider_id: @provider_id).first
if @user.present?
#sign them in
else
# make a new user
@user = User.new
@user.provider = @provider
@user.provider_id = @provider_id
# because of has_secure_password - will this work?
@user.password = "AAAAAA!!"
@user.password_confirmation = "AAAAAA!!"
# let's save the key and secret
@user.key = @details["credentials"]["token"]
@user.secret = @details["credentials"]["secret"]
# lets fill in their details
@user.name = @details["info"]["name"]
if @provider == "twitter"? @user.save!(:validate => false) : @user.save!
# the above if statement allows for twitter to skip validation which requires an email
@user.email = @details["info"]["email"]
end
@user.save!
end
session[:uid] = @user.id
flash[:success] = "You've signed in"
redirect_to root_path
end
def password_required?
super && provider.blank?
end
end
任何帮助都将不胜感激。