我知道这是一个愚蠢的但我想知道我们如何创建一个current_user方法来获取整个应用程序的访问权限而不使用任何gem或插件?为了测试它我创建了一个应用程序,使用户能够共享文件和文件夹。如何创建这样的方法,用户只能访问他的文件夹和文件?这是我的代码示例:
登录控制器:
class LoginController < ApplicationController
layout 'signup'
#to skip checking the authentication and authorization.
skip_before_filter :check_authentication, :check_authorization
def index
end
def authenticate
if request.post?
user = User.authenticate(params[:username],params[:password])
if user
session[:current_user_id]=user.id
session[:name]= user.first_name
puts "session name #{session[:name]}"
redirect_to(:subdomain => user.company.subdomain, :controller => :dashboard)
else
flash.now[:notice] = "Invalid user/password combination"
end
end
end
def destroy
session[:current_user_id] = nil
reset_session
flash[:notice] = "You have been successfully logged out."
redirect_to root_url
end
end
用户模型:
require 'digest/sha1'
class User < ActiveRecord::Base
#sharering method start
after_create :check_and_assign_shared_ids_to_shared_folders
#this is to make sure the new user ,of which the email addresses already used to share folders by others, to have access to those folders
def check_and_assign_shared_ids_to_shared_folders
#First checking if the new user's email exists in any of ShareFolder records
shared_folders_with_same_email = SharedFolder.find_all_by_shared_email(self.email)
if shared_folders_with_same_email
#loop and update the shared user id with this new user id
shared_folders_with_same_email.each do |shared_folder|
shared_folder.shared_user_id = self.id
shared_folder.save
end
end
end
#to check if a user has acess to this specific folder
def has_share_access?(folder)
#has share access if the folder is one of one of his own
return true if self.folders.include?(folder)
#has share access if the folder is one of the shared_folders_by_others
return true if self.shared_folders_by_others.include?(folder)
#for checking sub folders under one of the being_shared_folders
return_value = false
folder.ancestors.each do |ancestor_folder|
return_value = self.being_shared_folders.include?(ancestor_folder)
if return_value #if it's true
return true
end
end
return false
end
#sharing method end
def self.authenticate(name, password)
user = self.find_by_username(name)
if user
expected_password = encrypt_password(password, user.salt)
if user.hashed_password != expected_password
user = nil
end
end
user
end
#'password' is a virtual attribute
def password
@password
end
def password= (pwd)
@password =pwd
return if pwd.blank?
create_new_salt
self.hashed_password = User.encrypt_password( self.password, self.salt)
end
def self.users_in_company(user_id)
User.find(user_id).company.users
end
private
def password_non_blank
errors.add(:password, "Missing password, please enter your password") if hashed_password.blank?
end
def create_new_salt
self.salt = self.object_id.to_s + rand.to_s
end
def self.encrypt_password(password, salt)
string_to_hash = password +"prftnxt" + salt
Digest::SHA1.hexdigest(string_to_hash)
end
end
我想访问所有文件,因为“current_user.files”可以没有任何宝石吗?
申请助手:
module ApplicationHelper
#for current user to use through out the app
def current_user
@current_user ||= session[:current_user_id] && User.find_by_id(session[:current_user_id]) # Use find_by_id to get nil instead of an error if user doesn't exist
end
end
应用程序控制器:
class ApplicationController < ActionController::Base
include UrlHelper
#include ApplicationHelper
helper_method :current_user #make this method available in views
protect_from_forgery
# def current_user
# @current_user ||= session[:current_user_id] && User.find_by_id(session[:current_user_id]) # Use find_by_id to get nil instead of an error if user doesn't exist
# end
end
并在任务控制器中:
class TasksController < ApplicationController
# GET /tasks
# GET /tasks.xml
def index
@menu = "Timesheet"
@page_name = "Manage Task"
company_id = Company.find_by_subdomain(request.subdomain)
@users = User.find_all_by_company_id(company_id)
@tasks = current_user.tasks.all#Task.all
@task = Task.new
respond_to do |format|
format.html # index.html.erb
format.html # new.html.erb
format.xml { render :xml => @tasks }
end
end
end
我的错误信息:
NameError in TasksController#index
undefined local variable or method `current_user' for #<TasksController:0xfa7e638>
答案 0 :(得分:9)
这不是那么难;)只需定义你需要的方法:
class ApplicationController < ...
def current_user
@current_user ||= session[:current_user_id] && User.find_by_id(session[:current_user_id]) # Use find_by_id to get nil instead of an error if user doesn't exist
end
helper_method :current_user #make this method available in views
end
答案 1 :(得分:4)
朋友们,我已经找到了在不使用任何gem或插件的情况下创建current_user
方法的方法:
在我application_helper.rb
我这样做了:
module ApplicationHelper
def current_user
User.find(session[:current_user_id])
end
end
并且在我application controller.rb
的最后调用了这个,因为从这里我可以通过应用程序访问它:
class ApplicationController < ActionController::Base
include UrlHelper
include ApplicationHelper
helper_method :current_user
end
现在我可以访问与current user
相关的任何数据:
喜欢:
@tasks = current_user.tasks
感谢所有朋友的宝贵答案。