[英]acl9 and devise don't seem to work well together
I have a user model whose access controlled by ACL9. 我有一个由ACL9控制访问的用户模型。
in UsersController
: 在UsersController
:
#ACL9 related stuff
before_filter :load_user, :only => [:show]
access_control do
allow :owner, :of => :user, :to => [:show]
end
def load_user
user = User.find(params[:id])
end
in ApplicationController
: 在ApplicationController
:
rescue_from 'Acl9::AccessDenied', :with => :access_denied
def access_denied
authenticate_user! # a method from Devise
end
It is no problem to type in url for sign in page http://localhost:3000/users/sign_in
, but it is a problem when for example I type in the user page first, which I am to expect to be redirected to sign in page automatically through the logic above. 在登录页面http://localhost:3000/users/sign_in
键入url没问题,但是例如当我首先在用户页面中键入时,这是一个问题,我希望可以将其重定向到登录页面通过以上逻辑自动进入页面。
http://localhost:3000/users/1
=> infinite redirect hell. http://localhost:3000/users/1
=>无限重定向地狱。 It tries to redirect back to users/1
again instead of directing to users/sign_in
. 它尝试再次重定向回users/1
,而不是定向到users/sign_in
。
Does anyone have an opinion as to what might be going wrong? 有人对可能出什么问题有意见吗?
I think you should not use Acl9 in Devise user controller. 我认为您不应该在Devise用户控制器中使用Acl9。 Since you are not authenticated you have no rights and you will not authenticate :D. 由于您没有通过身份验证,因此您没有权限,也不会通过:D进行身份验证。 You may want to forbid users to delete, so it should be like: 您可能要禁止用户删除,因此应如下所示:
access_control :only => [:destroy] do
allow :admin
end
For UsersController you should overwrite your access_control if you want to leave it as is in application controller. 对于UsersController,如果要保留其在应用程序控制器中的访问权限,则应覆盖它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.