I think I'm missing something when using the Authlogic gem with Rails. To set the stage, I have multiple users, and each user can create posts and comments. After a post or comment is displayed, I want to give the user who created it the option to edit or destroy it.
I have successfully used the following code to hide and show elements based on whether a user is logged in, but I can't seem to find out how to show these links only to the actual user who created them, instead of to any logged-in user.
<% if current_user %>
  <%= link_to 'Edit', edit_question_path(question) %> |
  <%= link_to 'Destroy', question, :confirm => 'Are you sure?', :method => :delete %>
<% else %>
  <p>nothing to see here</p>
<% end %>
Here is the def for current_user, located in the application controller, in case I need to change something there.
class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time
  protect_from_forgery # See ActionController::RequestForgeryProtection for details
  helper_method :current_user

  private

  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.record
  end
end
Answer 0: (score: 1)
Authentication solutions like authlogic aren't built to support what you're trying to do. You can use an authorization solution on top of authlogic that lets you perform fine-grained checks, such as whether a user may access a given action:
<% if current_user.may_update_question? @question %>
  <%= link_to 'Edit', edit_question_path(@question) %>
<% end %>
The example above uses Aegis.
Answer 1: (score: 0)
Try this:
class ApplicationController < ActionController::Base
  # add your methods (eg: current_user etc)
  helper_method :current_user, :logged_in?, :current_user_is_owner?

  # Build the record the action works on and expose it as @<singular name>,
  # e.g. @user for UsersController, @line_item for LineItemsController.
  def init_data
    klass = controller_name.camelize.singularize.constantize # "users" -> User
    # controller_name is already underscored, so singularizing it gives the
    # instance-variable/params key directly (:user, :line_item). The original
    # camelize.downcase chain would have produced :lineitem for multi-word names.
    param_key = controller_name.singularize.to_sym # :user
    obj = case action_name.to_sym
          when :new, :create
            klass.new(params[param_key])
          when :edit, :show, :destroy
            klass.find(params[:id])
          when :update
            # assign the submitted attributes but do not save yet; require_owner
            # runs after this filter and rejects non-owners before the action saves
            klass.find(params[:id]).tap { |o| o.attributes = params[param_key] }
          end
    instance_variable_set("@#{param_key}", obj) # set the obj to @line_item
  end

  def require_user
    return true if logged_in?
    render_error_message("You must be logged in to access this page",
                         new_user_session_url)
    false
  end

  def require_owner
    obj = instance_variable_get("@#{controller_name.singularize}") # LineItem becomes @line_item
    return true if current_user_is_owner?(obj)
    render_error_message("You must be the #{controller_name.singularize.camelize} owner to access this page", root_url)
    false
  end

  def logged_in?
    !current_user.nil?
  end

  # Ownership = the record carries a user_id that matches the logged-in user.
  # Records without a user_id column are never considered owned by anyone.
  def current_user_is_owner?(obj)
    logged_in? && obj.respond_to?(:user_id) &&
      (obj.send(:user_id) == current_user.id)
  end

  def render_error_message(message, url)
    respond_to do |format|
      format.html do
        flash[:notice] = message
        if request.xhr?
          head :bad_request, :error => message
        else
          redirect_to url
        end
      end
      format.json { render :json => message, :status => :unprocessable_entity }
      format.xml  { render :xml => message,  :status => :unprocessable_entity }
    end
  end
end
Now in your controller:
class PostsController < ApplicationController
  before_filter :require_user # all actions require user to be logged in
  before_filter :init_data # create a member variable called @post, initialized based on the action
  before_filter :require_owner, :only => [:edit, :update, :destroy] # edit, update, and destroy actions require ownership

  def update
    # @post already has the submitted attributes assigned by init_data,
    # and require_owner has confirmed that current_user owns it
    if @post.save
      redirect_to @post # success: conventional Rails response
    else
      render :edit # failure: show the form again with validation errors
    end
  end
end
In the view code:
<% if current_user_is_owner?(question) %>
  .. display something
<% end %>
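The point both answers make is that the view check only decides whether a link is rendered; the controller filter (require_owner above) has to make the same decision, because a request for edit, update or destroy can arrive whether or not the link was shown. The following is an added example, not code from the question or either answer: a plain-Ruby model of the ownership predicate and the filter chain so it runs without Rails. The User/Post/Comment/Announcement structs, the sample users and records, and the authorize_edit helper are all constructed for illustration; Announcement has no user_id column to exercise the respond_to? branch.

```ruby
# Constructed stand-ins for ActiveRecord models (no Rails needed).
User         = Struct.new(:id, :name)
Post         = Struct.new(:id, :user_id, :body)
Comment      = Struct.new(:id, :user_id, :body)
Announcement = Struct.new(:id, :body) # no owner column at all

# Same rule as the answer's current_user_is_owner?, with current_user passed in
# explicitly: false when nobody is logged in, false when the record has no
# user_id, true only when the record's user_id matches the logged-in user.
def owner?(current_user, obj)
  return false if current_user.nil?
  return false unless obj.respond_to?(:user_id)
  obj.user_id == current_user.id
end

# Mirrors the before_filter order require_user -> init_data -> require_owner.
# Returns :ok, :login_required, or :forbidden; the view uses owner? to decide
# whether to render the link, the controller uses this to decide whether to act.
def authorize_edit(current_user, obj)
  return :login_required if current_user.nil?
  return :forbidden unless owner?(current_user, obj)
  :ok
end

# Constructed sample data
ALICE        = User.new(1, 'alice')
BOB          = User.new(2, 'bob')
ALICE_POST   = Post.new(10, ALICE.id, 'hello')
BOBS_COMMENT = Comment.new(20, BOB.id, 'hi')
NOTICE       = Announcement.new(30, 'site news')

# Runs the four cases a reviewer would want covered and returns the decisions.
def demo
  [
    authorize_edit(ALICE, ALICE_POST),   # owner edits own post      -> :ok
    authorize_edit(BOB,   ALICE_POST),   # other logged-in user      -> :forbidden
    authorize_edit(nil,   ALICE_POST),   # anonymous request         -> :login_required
    authorize_edit(ALICE, NOTICE)        # record has no user_id     -> :forbidden
  ]
end

# Link visibility for a given viewer, as the view would compute it.
def show_edit_link?(current_user, obj)
  owner?(current_user, obj)
end

puts demo.inspect if __FILE__ == $0
```

Note that show_edit_link? and authorize_edit agree on every case: if they ever diverge (for example a view that checks current_user but a controller that checks nothing), the hidden link is cosmetic and the record is editable by any logged-in user, which is exactly the situation the question describes.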