How to structure authenticated routes when using Devise?

In my question "How to have root view when user is not logged in rails?" max answered that we can use authenticated to make routes available only when someone is authenticated. I am having a problem with how I can structure this:

Rails.application.routes.draw do
  devise_for :users


  authenticated :user do
    # when authenticated allow all action on student
    resources :subjects do 
      resources :students
    end
  end

  # when not only allow read on student
  resources :subjects do 
    resources :students, only: [:get]
  end

  root "home#index"
end

The problem is I don't want to allow any unauthenticated action on :subjects. How can I stop that?

If you want to limit access to subjects you should do it on the controller layer - not in the routes. Using before_action :authenticate_user! will give a 401 Unauthorized response and redirect to the sign in.

class ApplicationController < ActionController::Base
  # secure by default
  before_action :authenticate_user!, unless: :devise_controller?
end

class SubjectsController < ApplicationController
  # whitelist actions that should not require authentication
  skip_before_action :authenticate_user!, only: [:show, :index]
  # ...
end

Rails.application.routes.draw do
  devise_for :users

  resources :subjects do 
    resources :students
  end

  root "home#index"
end

Using the authenticated and unauthenticated route helpers is useful when you want to have different responses for the same route for authenticated and unauthenticated users, but it is not how you should structure your application.

If you simply use authenticated in your routes, unauthenticated users will get a 404 Not Found response instead of being prompted to sign in, which is not helpful.

Also resources :students, only: [:get] does not generate any routes at all. The only option is for limiting the actions (show, index, edit, update ...) not the HTTP method. Use rake routes to see the routes in your app.
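The difference between the two approaches in the answer above, as an added example that is not part of the original answers: a simplified pure-Ruby model (not Rails or Devise code) showing that `only:` filters action names, that a route-level constraint yields 404 for signed-out users, and that a controller-level filter redirects them to sign in. The helper names `resource_routes` and `dispatch` are hypothetical, and the sign-in path assumes the default `devise_for :users` mapping.

```ruby
# Simplified model of the two approaches discussed above. Constructed for
# illustration: this is not Rails or Devise source code.
ACTIONS = {
  index:   ["GET",    "/subjects"],
  create:  ["POST",   "/subjects"],
  show:    ["GET",    "/subjects/1"],
  update:  ["PATCH",  "/subjects/1"],
  destroy: ["DELETE", "/subjects/1"]
}.freeze

# Models `resources :subjects, only: [...]`: `only` is matched against
# action names, never against HTTP verbs.
def resource_routes(only: ACTIONS.keys, constraint: nil)
  ACTIONS.select { |action, _| only.include?(action) }
         .map { |action, (verb, path)| { verb: verb, path: path, action: action, constraint: constraint } }
end

# Models request handling. A route whose constraint rejects the request does
# not match at all (404). `public_actions` models the controller-layer
# `skip_before_action :authenticate_user!, only: [...]` list; nil = no filter.
def dispatch(routes, verb, path, signed_in:, public_actions: nil)
  route = routes.find do |r|
    r[:verb] == verb && r[:path] == path &&
      (r[:constraint].nil? || r[:constraint].call(signed_in))
  end
  return [404, nil] unless route
  if public_actions && !signed_in && !public_actions.include?(route[:action])
    # Browser (HTML) request: Devise redirects to the sign-in page.
    return [302, "/users/sign_in"]
  end
  [200, route[:action]]
end

# Route-level gating, like wrapping the resource in `authenticated :user do`.
ROUTE_GATED = resource_routes(constraint: ->(signed_in) { signed_in })
# Plain routes; the controller enforces authentication, index/show are public.
PLAIN = resource_routes
PUBLIC = %i[index show].freeze

if __FILE__ == $PROGRAM_NAME
  p resource_routes(only: [:get])
  p dispatch(ROUTE_GATED, "POST", "/subjects", signed_in: false)
  p dispatch(PLAIN, "POST", "/subjects", signed_in: false, public_actions: PUBLIC)
  p dispatch(PLAIN, "GET", "/subjects", signed_in: false, public_actions: PUBLIC)
end
```

In a real application the same expectations belong in request specs, so that a change to a skip list or to the routes file cannot silently expose a write action.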

Here is the simple way to structure authenticated and unauthenticated routes.

In app/controllers/application_controller.rb, add "before_action :authenticate_user!".

My app/controllers/application_controller.rb file:

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  before_action :authenticate_user!
end

My config/routes.rb:

Rails.application.routes.draw do
  root "home#index"

  # Declare devise_for :users only once, with the custom controllers.
  devise_for :users, controllers: {
    sessions: "users/sessions",
    registrations: "users/registrations"
  }

  authenticated :user do
    resources :students
  end

  unauthenticated :user do
    # Some route
  end
end
