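Is there any way I can pass the value of a param to another action, for example through the session? For instance, in order for the user to go to the next page, etc., they have to enter an access code. So if they try to change the URL to skip entering the access code, they will be redirected. So what I'm trying to accomplish is to keep the access code in the session.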

    def welcome_access
      @code = params[:access_code] == ENV['ACCESS_CODE']
      session[:passed_parameter] = @code
      if @code
        redirect_to users_welcome_path
      else
        flash[:alert] = "Incorrect access code"
        redirect_to request.referer
      end
      respond_to do |format|
        format.html
        format.js
      end
    end

    def welcome_submit
      @code = session[:passed_parameter]
      @welcome_code = @code
      if @welcome_code
        if params[:user_type] == "patient"
          redirect_to new_patient_path
        elsif params[:user_type] == "surrogate"
          redirect_to surrogate_patients_path
        elsif params[:user_type] == "surrogate"
          redirect_to new_patient_path
        elsif params[:user_type] == "provider"
          redirect_to new_provider_path
        elsif params[:user_type] == "facilitator"
          redirect_to new_facilitator_path
        elsif params[:user_type] == "ancillary"
          redirect_to new_ancillary_path
        elsif params[:user_type] == "administrator"
          redirect_to new_administrator_path
        elsif params[:user_type] == "emergency"
          redirect_to new_emergency_path
        elsif params[:user_type] == "paramedic"
          redirect_to new_paramedic_path
        end
      else
        redirect_to request.referer
      end
    end

Here's my modal code:

    <div class="modal-box">
      <%= form_tag users_welcome_access_path, method: :post do %>
        <div class="close">x</div>
        <div class="title">Access Code</div>
        <div id="modal-container" class="container sm-height">
          <div class="buttons">
            <div class="header">
              <%= label :access_code, "Enter correct access code to continue registration" %>
              <%= text_field_tag :access_code %>
            </div>
            <div class="header" style="margin-top: 15px">
              <%= submit_tag 'Continue', class: "btn-submit" %>
              <button class="btn-cancel">Cancel</button>
              <div class="push"></div>
            </div>
          </div>
        </div>
      <% end %>
    </div>

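Answer 0: (score: 0)
You'll probably want to use a before filter for authorization/redirects. These filters let you define methods that should be called before each controller method. Authentication tools often make heavy use of them, because they let you check whether the user is authenticated before getting into the meat of the method.
For example: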

    class MyController < ApplicationController
      before_action :authenticate!

      # authenticate! is automatically called before this method
      def welcome_access
        # user is already authenticated at this point, or else was redirected to request.referer
        respond_to do |format|
          # ...
        end
      end

      # authenticate! is automatically called before this method
      def welcome_submit
        # user is already authenticated at this point, or else was redirected to request.referer
        case params[:user_type]
        when "patient" then redirect_to new_patient_path
        # more redirects here...
        when "paramedic" then redirect_to new_paramedic_path
        end
      end

      private

      def authenticate!
        session[:passed_parameter] = params[:access_code] if params[:access_code].present?
        if !correct_code?
          flash[:alert] = "Incorrect access code"
          redirect_to request.referer
        end
      end

      def correct_code?
        session[:passed_parameter] == ENV['ACCESS_CODE']
      end
    end

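Some other notes/suggestions:
Consider using case/when instead of a long if-elsif chain. Take a look at my example.
The respond_to in welcome_access will never be hit, because you will always be redirected first. Either redirect users who have welcome access to another page, or render HTML.
Use redirect_back instead of redirect_to request.referer.
You may want to look into some gems that can handle authentication for you. Devise is a powerful, general-purpose gem. People rarely roll their own authentication in practice (unless, say, they're just doing it to learn), and learning to use gems in your projects is a great skill in itself. And of course, it's more secure.
Good luck!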
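
A point both controller versions above leave open, shown as an added example that is not code from the question or the answer: `params[:access_code] == ENV['ACCESS_CODE']` is true when the variable is unset and no code is submitted, because `nil == nil`. The sketch below is plain Ruby so it runs without Rails; the method names, the `:access_granted` session key and the sample code value are assumptions made for illustration.

```ruby
require "digest"

# Compare two strings in constant time via their SHA-256 digests, so timing
# does not reveal how many leading characters matched. In a Rails app,
# ActiveSupport::SecurityUtils.secure_compare serves the same purpose.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Fail closed: an unset or blank configured code never matches, and a
# non-String param (e.g. access_code[]=x parsed as an Array) is rejected.
def access_code_valid?(submitted, expected)
  return false if expected.nil? || expected.strip.empty?
  return false unless submitted.is_a?(String)
  secure_equal?(submitted, expected)
end

# Hypothetical stand-in for welcome_access: returns [session, redirect target].
# Only a boolean flag is stored in the session, never the code itself.
def check_access(params, session, expected)
  ok = access_code_valid?(params[:access_code], expected)
  [session.merge(access_granted: ok), ok ? :users_welcome_path : :back]
end

# Hypothetical stand-in for the before_action guard on the later steps:
# anything other than an explicit true flag is turned away.
def gate(session)
  session[:access_granted] == true ? :continue : :redirect
end

if __FILE__ == $PROGRAM_NAME
  expected = "s3cret-demo" # constructed sample value, stands in for ENV['ACCESS_CODE']
  session, target = check_access({ access_code: "s3cret-demo" }, {}, expected)
  puts "correct code -> #{target}, gate: #{gate(session)}"
  session, target = check_access({}, {}, nil) # unset variable, no param
  puts "unset config -> #{target}, gate: #{gate(session)}"
end
```
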