
Update Authorization (Ruby on Rails Tutorial)

Mike Hart's tutorial on adding authorization presented the code below (link to original code listing). Why does the method update make a call to sign_in @user? This seems redundant to me, as the before_filter :correct_user should guarantee that the client is signed in because of current_user?(@user) in method correct_user.

class UsersController < ApplicationController
  before_filter :signed_in_user, only: [:edit, :update]
  before_filter :correct_user,   only: [:edit, :update]
  .
  .
  .
  def edit
  end

  def update
    if @user.update_attributes(params[:user])
      flash[:success] = "Profile updated"
      sign_in @user
      redirect_to @user
    else
      render 'edit'
    end
  end
  .
  .
  .
  private

    def signed_in_user
      redirect_to signin_url, notice: "Please sign in." unless signed_in?
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_path) unless current_user?(@user)
    end
end

Because the user is forced to update their password when updating attributes, which invalidates their current sign-in.
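The mechanism behind the answer above, as an added example (not code from the tutorial or from either poster): a plain-Ruby simulation that assumes the User model regenerates its remember token on every save, so the token stored in the browser cookie stops matching after an update. The `User` and `Session` classes and `update_profile` are hypothetical stand-ins for the Rails model, the session helpers and the controller action.

```ruby
require 'securerandom'

# Stand-in for the User model. Assumption: every save regenerates the
# remember token (a before_save-style callback on the model).
class User
  attr_reader :id, :name, :remember_token

  def initialize(id, name)
    @id = id
    @name = name
    save
  end

  def update_attributes(attrs)
    @name = attrs.fetch(:name, @name)
    save
  end

  private

  # Rotating the token on save invalidates any cookie issued earlier.
  def save
    @remember_token = SecureRandom.urlsafe_base64
    true
  end
end

# Stand-in for the session helpers; `cookies` is a plain Hash here.
class Session
  def initialize(users)
    @users = users
    @cookies = {}
  end

  def sign_in(user)
    @cookies[:remember_token] = user.remember_token
  end

  def current_user
    @users.find { |u| u.remember_token == @cookies[:remember_token] }
  end

  def signed_in?
    !current_user.nil?
  end
end

# Mirrors the update action, with and without the sign_in call.
def update_profile(session, user, attrs, re_sign_in:)
  ok = user.update_attributes(attrs)
  session.sign_in(user) if ok && re_sign_in
  session.signed_in?
end
```

Rotating the token on a credential change also means a cookie captured before the update no longer authenticates, which is why the re-sign-in is needed for the legitimate browser.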
