Rails 5:禁用对Devise注册和登录表单页面的访问
[英]Rails 5: disable access to Devise register and login form pages
问题描述
I have Devise and OmniAuth-Twitter setup. 
我有Devise和OmniAuth-Twitter设置。 I used to use email signup with Devise, then I switched to Twitter login. 我曾经在Devise中使用电子邮件注册,然后切换到Twitter登录。 Now I need to disable email sign up and sign in access for everyone. 现在,我需要禁用所有人的电子邮件注册和登录访问权限。
http://localhost:3000/register
http://localhost:3000/login
I tried the code below in views, but I get error. 我在视图中尝试了以下代码,但出现错误。 I assume because of it being an ActiveRecord feature. 我假设因为它是ActiveRecord功能。
redirect_to root_path
and I couldn't redirect in Controller as before_action: since I do not have controller for Devise. 而且我无法像以前一样在Controller中重定向:因为我没有Devise的控制器。
What is best way to disable access to this register and login pages? 禁止访问此注册和登录页面的最佳方法是什么?
Thank you! 谢谢!
2 个解决方案
解决方案1
1 2017-10-03 17:14:25
If you really want to redirect from the login and registration pages, you should create two controllers that extend Devise::SessionsController and Devise::RegistrationsController and then configure your routes to use your controllers instead of the default controllers that Devise uses. 如果您确实要从登录页面和注册页面重定向,则应该创建两个扩展Devise::SessionsController和Devise::RegistrationsController控制器,然后将路由配置为使用您的控制器,而不是Devise使用的默认控制器。
Here's an example for the login path only, but it's the same logic for registrations. 这仅是登录路径的示例,但是注册的逻辑相同。
# config/routes.rb
devise_for :users, controllers: { sessions: 'users/sessions' }
# app/controllers/users/sessions_controller.rb
module Users
class SessionsController < Devise::SessionsController
def new
# Redirect wherever you want here
redirect_to root_path
end
end
end
Please note that devise allows you to skip some routes as well, but keep in mind that the whole controller will be excluded, which might not be what you want. 请注意,devise允许您也跳过某些路由,但是请记住,整个控制器将被排除,这可能不是您想要的。
# config/routes.rb
devise_for :users, only: [:passwords]
# or
devise_for :users, skip: [:sessions]
解决方案2
0 2017-10-03 14:12:10
It's not necessarily that you need controller logic, it's that you need to block that ability from the view side. 不一定需要控制器逻辑,而是需要从视图侧阻止该功能。 You have appname/app/views/devise/registrations/new.html.erb and appname/app/views/devise/sessions/new.html.erb that you need to modify to remove the form fields that you want to hide and also delete stuff from your appname/app/views/devise/shared/_links.html.erb as well to disallow the signup there too. 您具有需要修改的appname/app/views/devise/registrations/new.html.erb和appname/app/views/devise/sessions/new.html.erb ,以删除要隐藏的表单字段,并且appname/app/views/devise/shared/_links.html.erb从您的appname/app/views/devise/shared/_links.html.erb删除内容,以禁止在那里进行注册。
You're going to want to delete the code that looks like lines 8-10 and lines 12-14 in your shared _links.html.erb file. 您将要删除共享的_links.html.erb文件中看起来像第8-10行和第12-14行的代码。
1 <%- if devise_mapping.omniauthable? %>
2 <%- resource_class.omniauth_providers.each do |provider| %>
3 <div class="twitter-button">
4 <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), class: "twitter-text" %>
5 </div>
6 <% end -%>
7 <% end -%>
8 <%- if controller_name != 'sessions' && false %>
9 <%= link_to "Log in", new_session_path(resource_name), class: "forget" %>
10 <% end -%>
11
12 <%- if devise_mapping.registerable? && controller_name != 'registrations' && false %>
13 <%= link_to "Sign up", new_registration_path(resource_name), class: "forget" %>
14 <% end -%>
But, at the end of the day I don't think it's necessarily a great idea to completely disallow people that don't have a twitter to utilize your app, because it greatly reduces the number of people that can now use your app right off the bat. 但是,总之,我认为完全禁止没有Twitter的人使用您的应用程序不一定是个好主意,因为它极大地减少了立即可以使用您的应用程序的人数球棒。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.