[英]Using cancancan's check_authorization with devise with custom controllers?
TL;DR (full question below) TL; DR (下面的完整问题)
cancan comes with check_authorization
which lets you know if you forgot to add authorisation to any part of your app. cancan 带有
check_authorization
,它可以让您知道您是否忘记为应用程序的任何部分添加授权。 Essentially, I just want to know if it's necessary to add authorisation to the 'devise' part of an app - or does devise do everything it needs to out of the box?本质上,我只想知道是否有必要为应用程序的“设计”部分添加授权 - 或者设计是否开箱即用? (ie it would be extremely bad if one user could change another user's password, for example! - does that need to be prevented via cancan, or does devise ensure that already out of the box?)
(例如,如果一个用户可以更改另一个用户的密码,那将是非常糟糕的! - 这是否需要通过 cancan 来阻止,或者是否设计确保已经开箱即用?)
Full question完整问题
I have devise and cancancan set up, everything seems to work.我有设计和康康设置,一切似乎都有效。
When I added check_authorization
, everything continued to work, except logging in and out doesn't work any more当我添加
check_authorization
,一切都继续工作,除了登录和退出不再起作用
CanCan::AuthorizationNotPerformed in Devise::SessionsController#destroy
This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check.
Extracted source (around line #266):
264
265
266
267
268
269
next if options[:unless] && controller.send(options[:unless])
raise AuthorizationNotPerformed,
'This action failed the check_authorization because it does not authorize_resource. '\
'Add skip_authorization_check to bypass this check.'
end
Curiously, when a user updates their information, that works fine (no error)奇怪的是,当用户更新他们的信息时,效果很好(没有错误)
Any ideas / pointers greatly appreciated任何想法/指针非常感谢
Also, should I be skip_authorization_check
on devise controllers?另外,我应该在设备控制器上
skip_authorization_check
吗? Although the error message suggests it, it sounds risky尽管错误消息暗示了这一点,但听起来很冒险
Lastly, I don't exactly know how to access the devise controllers in order to add skip_authorization_check
.最后,我不完全知道如何访问设计控制器以添加
skip_authorization_check
。 Here is my directory (using users controllers for devise)这是我的目录(使用用户控制器进行设计)
The answer is you don't have to worry about skip_authorization_check
on the devise controllers.答案是您不必担心
skip_authorization_check
控制器上的skip_authorization_check
。
And in case you get this error message for any other controllers:如果您收到任何其他控制器的此错误消息:
CanCan::AuthorizationNotPerformed (This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check.):
then the solution is to either那么解决方案是要么
Authorization checks can be skipped by adding this to the resource可以通过将其添加到资源来跳过授权检查
skip_authorization_check
And you can use only
or except
like so你可以使用
only
或except
像这样
skip_authorization_check except: [:index]
and和
skip_authorization_check only: [:show, :edit]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.