Mike Hart's tutorial on adding authorization presented the below code (link to original code listing). Why does the method update make a call to sign_in @user? This seems redundant to me, as the before_filter :correct_user should guarantee that the client is signed in because of current_user?(@user) in method correct_user.

class UsersController < ApplicationController
  before_filter :signed_in_user, only: [:edit, :update]
  before_filter :correct_user,   only: [:edit, :update]
  .
  .
  .
  def edit
  end

  def update
    if @user.update_attributes(params[:user])
      flash[:success] = "Profile updated"
      sign_in @user
      redirect_to @user
    else
      render 'edit'
    end
  end
  .
  .
  .
  private

    def signed_in_user
      redirect_to signin_url, notice: "Please sign in." unless signed_in?
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_path) unless current_user?(@user)
    end
end

Because the user is forced to update their password when updating attributes, which invalidates their current login.
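
The effect described in the answer, as an added plain-Ruby example (not code from the tutorial or from the original post): it assumes that saving the user regenerates the remember token that the session cookie is compared against, so the cookie issued before the update no longer matches until sign_in runs again. The User and Session classes and the update_profile helper are hypothetical stand-ins for the Rails model and session helpers.

```ruby
require 'securerandom'

# Hypothetical stand-in for the User model.
# Assumption: every save rotates remember_token (as a before_save callback would).
class User
  attr_reader :id, :name, :remember_token

  def initialize(id, name)
    @id, @name = id, name
    save
  end

  def update_attributes(attrs)
    @name = attrs.fetch(:name, @name)
    save
  end

  private

  def save
    @remember_token = SecureRandom.urlsafe_base64 # old token is now invalid
    true
  end
end

# Hypothetical stand-in for the session helpers (cookie + current_user lookup).
class Session
  def initialize(users)
    @users = users
    @cookies = {}
  end

  def sign_in(user)
    @cookies[:remember_token] = user.remember_token
  end

  def current_user
    @users.find { |u| u.remember_token == @cookies[:remember_token] }
  end
end

# Runs the update action's flow on constructed data; returns whether the
# client is still signed in afterwards.
def update_profile(resign_in)
  user = User.new(1, "Example User")
  session = Session.new([user])
  session.sign_in(user)
  user.update_attributes(name: "New Name")
  session.sign_in(user) if resign_in
  !session.current_user.nil?
end
```

Without the second sign_in the lookup returns nil after the update, which is the state the before_filter checks would reject on the next request.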