将 cancancan 的 check_authorization 与带有自定义控制器的设计一起使用?
[英]Using cancancan's check_authorization with devise with custom controllers?
问题描述
TL;DR (full question below) 
TL; DR (下面的完整问题)
cancan comes with check_authorization which lets you know if you forgot to add authorisation to any part of your app. cancan 带有check_authorization ,它可以让您知道您是否忘记为应用程序的任何部分添加授权。 Essentially, I just want to know if it's necessary to add authorisation to the 'devise' part of an app - or does devise do everything it needs to out of the box?本质上,我只想知道是否有必要为应用程序的“设计”部分添加授权 - 或者设计是否开箱即用? (ie it would be extremely bad if one user could change another user's password, for example! - does that need to be prevented via cancan, or does devise ensure that already out of the box?) (例如,如果一个用户可以更改另一个用户的密码,那将是非常糟糕的! - 这是否需要通过 cancan 来阻止,或者是否设计确保已经开箱即用?)
Full question完整问题
I have devise and cancancan set up, everything seems to work.我有设计和康康设置,一切似乎都有效。
When I added check_authorization , everything continued to work, except logging in and out doesn't work any more当我添加check_authorization ,一切都继续工作,除了登录和退出不再起作用
CanCan::AuthorizationNotPerformed in Devise::SessionsController#destroy
This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check.
Extracted source (around line #266):
264
265
266
267
268
269
next if options[:unless] && controller.send(options[:unless])
raise AuthorizationNotPerformed,
'This action failed the check_authorization because it does not authorize_resource. '\
'Add skip_authorization_check to bypass this check.'
end
Curiously, when a user updates their information, that works fine (no error)奇怪的是,当用户更新他们的信息时,效果很好(没有错误)
Any ideas / pointers greatly appreciated任何想法/指针非常感谢
Also, should I be skip_authorization_check on devise controllers?另外,我应该在设备控制器上skip_authorization_check吗? Although the error message suggests it, it sounds risky尽管错误消息暗示了这一点,但听起来很冒险
Lastly, I don't exactly know how to access the devise controllers in order to add skip_authorization_check .最后,我不完全知道如何访问设计控制器以添加skip_authorization_check 。 Here is my directory (using users controllers for devise)这是我的目录(使用用户控制器进行设计)
1 个解决方案
解决方案1
0 2020-12-06 14:28:00
The answer is you don't have to worry about skip_authorization_check on the devise controllers.答案是您不必担心skip_authorization_check控制器上的skip_authorization_check 。
And in case you get this error message for any other controllers:如果您收到任何其他控制器的此错误消息:
CanCan::AuthorizationNotPerformed (This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check.):
then the solution is to either那么解决方案是要么
- add authorization to that resource (or parts thereof) that require it, OR为需要它的资源(或其部分)添加授权,或
- simply skip authorization checks if a resource doesn't require authorization.如果资源不需要授权,只需跳过授权检查。
Authorization checks can be skipped by adding this to the resource可以通过将其添加到资源来跳过授权检查
skip_authorization_check
And you can use only or except like so你可以使用only或except像这样
skip_authorization_check except: [:index]
and和
skip_authorization_check only: [:show, :edit]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.