stackoom
  简体   繁体   中英

Rails auth without any gem

 原文  2013-02-20 13:33:36       ruby-on-rails/ ruby-on-rails-3/ ruby-on-rails-3.1

Question

I did my own auth like on my old php site, I use sessions for that and md5 hash for pass. My session after auth look like that: 

{"session_id"=>"874e2703dbaa562da8350fe141612cb6", "_csrf_token"=>"o3g5VHz7f6BPCwpaphI/7qnBnaDVBcguKVB4lXqvUss=", "user_id"=>2, "login"=>"123", "avatar"=>/uploads/resume/avatar/2/avatars/noava.jpg, "group_id"=>1}

All other things are done, but Now how I can to restrict the access for different actions in my controller depending on my session ?

Or can I fix this with devise and cancan gems? They are using bcrypt, but my old passwords in md5 and i cant use for that bcrypt.

1 answers

solution1
 1  2013-02-20 13:40:54

You're confusing the ideas of authentication and authorization.

You've built your own authentication - you know who people are. Devise is an example of a gem that handles authentication.

Authorization controls what people can do, and is completely independent of authentication. Cancan is an example of a gem that handles authorization.

Use Cancan, or anything here .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question omni auth rails gem ArgumentError Rails is not installing any gem Rails Pagination without Gem Is there any rails gem for avatar selection? Any Rails gem for express1? Net/LDAP gem and basic auth in Rails 4 app Any Google +1 button gem for Rails? Has any one had any luck using twitter bootstrap in the rails asset pipeline WITHOUT using a gem? Creating gem that works with or without Rails Rails returning 401 Unauthorised for User Auth Flow - Rails, devise gem, Devise_token_auth gem
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM