如何在不使用任何gem或插件的情况下创建当前用户方法?

时间:2011-11-25 09:58:28

标签: ruby-on-rails-3 methods

我知道这是一个愚蠢的但我想知道我们如何创建一个current_user方法来获取整个应用程序的访问权限而不使用任何gem或插件?为了测试它我创建了一个应用程序,使用户能够共享文件和文件夹。如何创建这样的方法,用户只能访问他的文件夹和文件?这是我的代码示例:

登录控制器:

class LoginController < ApplicationController
 layout 'signup'
  #to skip checking the authentication and authorization.
  skip_before_filter  :check_authentication, :check_authorization

  def index
  end

  def authenticate
        if request.post?
            user = User.authenticate(params[:username],params[:password])
            if user
        session[:current_user_id]=user.id
        session[:name]= user.first_name
                puts "session name #{session[:name]}"
                redirect_to(:subdomain => user.company.subdomain, :controller => :dashboard)
      else
        flash.now[:notice] = "Invalid user/password combination"
      end  

        end
  end

  def destroy
    session[:current_user_id] = nil
    reset_session
    flash[:notice] = "You have been successfully logged out."
    redirect_to root_url
  end

end 

用户模型:

require 'digest/sha1'



 class User < ActiveRecord::Base

    #sharering method start
      after_create :check_and_assign_shared_ids_to_shared_folders  
      #this is to make sure the new user ,of which the email addresses already used to share folders by others, to have access to those folders  
      def check_and_assign_shared_ids_to_shared_folders      
        #First checking if the new user's email exists in any of ShareFolder records  
        shared_folders_with_same_email = SharedFolder.find_all_by_shared_email(self.email)  

        if shared_folders_with_same_email        
         #loop and update the shared user id with this new user id   
          shared_folders_with_same_email.each do |shared_folder|  
             shared_folder.shared_user_id = self.id  
             shared_folder.save  
          end  
        end      
      end 

        #to check if a user has acess to this specific folder  
      def has_share_access?(folder)  
          #has share access if the folder is one of one of his own  
          return true if self.folders.include?(folder)  

          #has share access if the folder is one of the shared_folders_by_others  
          return true if self.shared_folders_by_others.include?(folder)  

          #for checking sub folders under one of the being_shared_folders  
          return_value = false  

         folder.ancestors.each do |ancestor_folder|  

            return_value = self.being_shared_folders.include?(ancestor_folder)  
           if return_value #if it's true  
              return true  
            end  
          end  

          return false  
      end  
    #sharing method end

      def self.authenticate(name, password)
        user = self.find_by_username(name)

        if user
          expected_password = encrypt_password(password, user.salt)
          if user.hashed_password != expected_password
            user = nil
          end
        end
        user
      end

      #'password' is a virtual attribute
      def password
        @password
      end

      def password= (pwd)
        @password =pwd
        return if pwd.blank?
        create_new_salt
        self.hashed_password = User.encrypt_password( self.password, self.salt)
      end

        def self.users_in_company(user_id)
            User.find(user_id).company.users 
        end  

     private
      def password_non_blank
        errors.add(:password, "Missing password, please enter your password") if hashed_password.blank?
      end

      def create_new_salt
        self.salt = self.object_id.to_s + rand.to_s
      end

      def self.encrypt_password(password, salt)
        string_to_hash = password +"prftnxt" + salt
        Digest::SHA1.hexdigest(string_to_hash)
      end

    end

我想访问所有文件,因为“current_user.files”可以没有任何宝石吗?

申请助手:

module ApplicationHelper
#for current user to use through out the app
   def current_user
     @current_user ||= session[:current_user_id] && User.find_by_id(session[:current_user_id]) # Use find_by_id to get nil instead of an error if user doesn't exist
   end

end

应用程序控制器:

class ApplicationController < ActionController::Base
      include UrlHelper 
      #include ApplicationHelper
      helper_method :current_user #make this method available in views
      protect_from_forgery


#  def current_user
#    @current_user ||= session[:current_user_id] && User.find_by_id(session[:current_user_id]) # Use find_by_id to get nil instead of an error if user doesn't exist
#  end



end

并在任务控制器中:

class TasksController < ApplicationController


  # GET /tasks
  # GET /tasks.xml
  def index
    @menu = "Timesheet"
    @page_name = "Manage Task"
    company_id = Company.find_by_subdomain(request.subdomain)
    @users = User.find_all_by_company_id(company_id)
    @tasks = current_user.tasks.all#Task.all
    @task = Task.new

    respond_to do |format|
      format.html # index.html.erb
      format.html # new.html.erb
      format.xml  { render :xml => @tasks }
    end
  end
end

我的错误信息:

NameError in TasksController#index

undefined local variable or method `current_user' for #<TasksController:0xfa7e638>

2 个答案:

答案 0 :(得分:9)

这不是那么难;)只需定义你需要的方法:

class ApplicationController < ...
  def current_user
    @current_user ||= session[:current_user_id] && User.find_by_id(session[:current_user_id]) # Use find_by_id to get nil instead of an error if user doesn't exist
  end
  helper_method :current_user #make this method available in views
end

答案 1 :(得分:4)

朋友们,我已经找到了在不使用任何gem或插件的情况下创建current_user方法的方法:

在我application_helper.rb我这样做了:

module ApplicationHelper
  def current_user
    User.find(session[:current_user_id])
  end
end

并且在我application controller.rb的最后调用了这个,因为从这里我可以通过应用程序访问它:

class ApplicationController < ActionController::Base
  include UrlHelper 
  include ApplicationHelper
  helper_method :current_user
end

现在我可以访问与current user相关的任何数据:

喜欢:

@tasks = current_user.tasks

感谢所有朋友的宝贵答案。