Rails4 + Devise:用户未通过身份验证时“隐藏”路线
[英]Rails4+Devise: “hide” routes when user is not authenticated
问题描述
I am trying to make my admin back-office pages "invisible" for non authenticated users. 
我试图使未经身份验证的用户的管理后台页面“不可见”。 Meaning when a user goes to something like /admin/my_controller I want to display a 404 custom page, makes him believe this is just a regular 404. And off course when the user is authenticated he will correctly access the controller. 这意味着当用户转到/admin/my_controller我想显示404自定义页面,使他相信这只是常规的404。当然,当用户通过身份验证后,他将正确访问控制器。
So I got almost everything working, I'm just missing the devise/warden part. 所以我几乎所有工作都在进行,我只是缺少设计/维护部分。 I correctly configured 404 error rescue in my Rails app (which is implemented in a controller I named ErrorsController ), so when someone goes to a non existing uri such as /nothing_here , my custom 404 page correctly display. 我在我的Rails应用程序中正确配置了404错误救援(在我名为ErrorsController的控制器中实现),因此当有人进入不存在的uri如/nothing_here ,我的自定义404页面会正确显示。
I am trying to use ErrorsController as failure_app which is almost fully working, except that I receive an exception if I log-in with incorrect credential. 我正在尝试使用ErrorsController作为failure_app ,它几乎可以正常工作,除了如果我使用不正确的凭据登录会收到异常。 I am certainly just missing one last detail. 我当然只是错过了最后一个细节。 Exception is 例外是
AbstractController::ActionNotFound at /unauthenticated
The action 'create' could not be found for ErrorsController
Obviously the create action is supposed to be called from the SessionController not from the ErrorsController . 显然,应该从SessionController而不是ErrorsController调用create动作。 And this is the last bit that is missing. 这是最后遗漏的一点。 How to achieve this? 如何实现呢?
Custom 404 configuration 自定义404配置
In config/application.rb 在config / application.rb中
config.exceptions_app = self.routes
In config/routes.rb 在config / routes.rb中
get '*dummy', to: 'errors#index'
app/controllers/errors_controller.rb 应用程序/控制器/ errors_controller.rb
class ErrorsController < ApplicationController
def index
display_404
end
end
Devise configuration 设计配置
In config/initializers/devise.rb 在config / initializers / devise.rb中
config.warden do |manager|
manager.failure_app = ErrorsController
end
Result 结果
- Accessing a "admin" uri without being authenticated displayed correctly display my custom 404 page 在未通过身份验证的情况下访问“管理员” uri会正确显示我的自定义404页面
- Logging-in with devise with correct credential works as expected 通过设计登录并按预期使用正确的凭据
- Logging-in with incorrect credential raises
AbstractController::ActionNotFound at /unauthenticated The action 'create' could not be found for ErrorsController使用不正确的凭据登录会AbstractController::ActionNotFound at /unauthenticated The action 'create' could not be found for ErrorsController引发AbstractController::ActionNotFound at /unauthenticated The action 'create' could not be found for ErrorsController
1 个解决方案
解决方案1
1 已采纳 2014-11-18 10:32:20
A more graceful way of handling errors when a user is not signed in is adding a method to your application controller. 当用户未登录时,处理错误的更合适的方法是将方法添加到应用程序控制器中。 For example display_404 In your display_404 method add 例如display_404在display_404方法中添加
raise ActionController::RoutingError.new('Not Found')
When this method is called it will raise Rails' own error page and log 'Not Found' in the log file. 调用此方法时,它将引发Rails的错误页面,并在日志文件中记录“未找到”。 In development this will be shown but on screen but for production it will only be found in the log file, so adding something like 'User was not signed in' is a possibility. 在开发过程中,它将显示在屏幕上,但在生产过程中将仅在日志文件中找到,因此有可能添加'User was not signed in'内容。
Then using 然后使用
before_action do
unless admin_signed_in?
display_404
end
end
the error page will be shown when the visitor is not signed in. 如果访客未登录,将显示错误页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.