Currently I got the following code piece in SomethingController
:
class SomethingController < ApplicationController
skip_filter :authenticate_user!, :only => [:new, :create, :edit, :update]
#...
#new
#create
#edit
#update
end
Currently: We wanted unauthenticated users to be able to create or update Something
objects.
The problem: Due to the different nature of our mobile phone authentication, we want to restrict unauthenticated mobile phone user not to be able to use this controller actions before they sign in/up. Can we add some condition to the filter, like:
skip_filter :authenticate_user!, :only => [:new, :create, :edit, :update], :format=>:html
skip_filter :authenticate_user!, :only => [], :format=>:mobile
If that is not possible, what is the best practice? Is this acceptable?
def new
if current_user.nil?
#redirect to sign_in/up actions
end
#rest of the method
end
Skip the filter only for non mobile requests. Something like below.
class SomethingController < ApplicationController
skip_filter :authenticate_user!, :only => [:new, :create, :edit, :update], :unless => :mobile?
#...
#new
#create
#edit
#update
def mobile?
#implementation here depends on how you do the mobile detection
end
end
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.