stackoom
  简体   繁体   中英

Restrict access in Rails app only for users logged in

 原文  2016-03-19 13:50:43       ruby-on-rails

Question

I'm learning Rails and I'm trying to restrict access to pages if a user hasn't logged in and to only allow them to view the login and sign up pages.

Currently, my code creates a session when a user logs in and clears it when the user logs out. I've got a Sessions helper so that I can check whether a user is logged in but I'm unsure how to redirect the user throughout the app if he/she's not logged in.

UPDATE:

  1. As I posted the question, I managed to get something to work with a before_filter. Should I use a before_action or before_filter?

  2. Do I need to copy the same method in all my controllers where I want to restrict access?

CODE:

/controllers/application_controller.rb 

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  include SessionsHelper
end

/controllers/sessions_controller.rb 

class SessionsController < ApplicationController

  def new
  end

  def create
    user = User.find_by(email: params[:session][:email].downcase)
    if user && user.authenticate(params[:session][:password])
      log_in user
      redirect_to user
    else
      flash.now[:danger] = 'Invalid email/password combination'
      render 'new'
    end
  end

  def destroy
    log_out
    redirect_to root_url
  end

end

/helpers/sessions_helper.rb 

module SessionsHelper

  # Logs in the given user.
  def log_in(user)
    session[:user_id] = user.id
  end

  # Returns the current logged-in user (if any).
  def current_user
    @current_user ||= User.find_by(id: session[:user_id])
  end

  # Returns true if the user is logged in, false otherwise.
  def logged_in?
    !current_user.nil?
  end

  # Logs out the current user.
  def log_out
    session.delete(:user_id)
    @current_user = nil
  end
end

1 answers

solution1
 5 ACCPTED  2016-03-19 14:00:02

You can use a before_action . The rails guide has a nice section with an example on that: 

class ApplicationController < ActionController::Base
  before_action :require_login

  private

  def require_login
    unless logged_in?
      flash[:error] = "You must be logged in to access this section"
      redirect_to new_login_url # halts request cycle
    end
  end
end

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Restrict access to page to only guest visitors ie prevent logged-in users to access a page (Rails 4, devise) Restrict access to images in Rails app Rails: How to restrict actions to only certain users? Rails: Limited access to pages for not logged users Restrict routes to certain users in Rails app Restrict certain routes to logged in users Restrict access to “destroy” feature in Ruby on Rails app How to restrict public access to a rails app Restrict GET route in Rails 4 to app only Rails Devise restrict IP address access for admin users
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM