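Rails before_filter blocking access to controller
I have an application where a user can nominate a key holder who can view their account. I have a before_filter meaning that only the account holder or their key holder can view the account. This code works for anyone viewing a user's home page, but I can't do anything further: I'm currently logged in as a key holder and can't log out, or add a "note" to either account (at the moment a key holder can have unrestricted access to both their own account and the account they hold the key for). Can anyone help?
This is the before_filter: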
    def correct_user
      @user = User.find(params[:id])
      unless (@user && current_user.id == @user.id) || (([email protected])&&([email protected]_id))
        redirect_to root_path
      end
    end
and when I try, for example, to create a note I get this error:
ActiveRecord::RecordNotFound in NotesController#new
Couldn't find User without an ID
It refers to the @user line in the before_filter.
When I'm logged in as a key holder I can view the home page, but nothing beyond that? Thanks!
UPDATE:
Updated before_filter (in application_controller.rb):
    def correct_user
      if params[:id]
        @user = User.find(params[:id])
        unless (@user && current_user.id == @user.id) || (([email protected])&&([email protected]_id))
          redirect_to root_path
        end
      else
        redirect_to root_path
      end
    end
Console output on note create:
    Started POST "/notes" for 127.0.0.1 at 2013-02-28 14:10:49 +0000
    Processing by NotesController#create as HTML
    Parameters: {"utf8"=>"V", "authenticity_token"=>"qMDHQAoC4l3Be5YZKSH1AJ9E5zS1DkMNCW2KzUZ38gM=", "note"=>{"user_id"=>"16", "content"=>""}, "commit"=>"Update Note"}
    Redirected to http://localhost:3000/
    Filter chain halted as :correct_user rendered or redirected
    Completed 302 Found in 98ms (ActiveRecord: 0.0ms)
    Started GET "/" for 127.0.0.1 at 2013-02-28 14:10:49 +0000
    Processing by PublicController#index as HTML
    User Load (3.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = 16 LIMIT 1
    Rendered public/index.html.erb within layouts/application (5.0ms)
    Timeline Load (3.0ms) SELECT "timelines".* FROM "timelines" WHERE "timelines"."user_id" = 16 LIMIT 1
    MessageBoard Load (2.0ms) SELECT "message_boards".* FROM "message_boards" WHERE "message_boards"."user_id" = 16 LIMIT 1
    Rendered partials/_menuoptions.html.erb (53.0ms)
    Completed 200 OK in 551ms (Views: 535.0ms | ActiveRecord: 16.0ms)
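When you go to the notes controller, you don't have a `params[:id]`, which is what's causing the error. – jvnill 2013-02-28 13:45:02
Why does that error occur, and why does it also stop me from logging out? The id isn't even passed to the Devise destroy session action? – ecs 2013-02-28 13:47:19
You can't log out because the before filter takes precedence over destroying the session – jvnill 2013-02-28 13:49:47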
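An added example, not part of the original post or its comments: a plain-Ruby model (no Rails) of the access check that resolves the target account from either `params[:id]` or `params[:note][:user_id]`, exempts sign-out, and fails closed when no account can be resolved. The `key_holder_id` field, the `USERS` data and the `UNSCOPED` list are assumptions made for illustration.

```ruby
# Plain-Ruby model of the filter decision; key_holder_id is an assumed
# column name because the condition in the post is garbled.
User = Struct.new(:id, :key_holder_id)

# Constructed sample data: user 16 has nominated user 7 as key holder.
USERS = { 16 => User.new(16, 7), 7 => User.new(7, nil) }.freeze

# Actions that never act on an account (signing out) skip the check,
# the equivalent of scoping the filter with :only / skip_before_filter.
UNSCOPED = [%w[sessions destroy]].freeze

# The account a request targets: params[:id] on user routes,
# params[:note][:user_id] on the notes form seen in the console output.
def target_user_id(params)
  Integer((params[:id] || params.dig(:note, :user_id)).to_s, 10)
rescue ArgumentError, TypeError
  nil # missing or malformed id: the caller treats this as "no account"
end

# Returns :allow or :redirect. A missing or unknown account is a redirect,
# not an exception, so the check fails closed.
def correct_user(current_user, controller, action, params)
  return :allow if UNSCOPED.include?([controller, action])
  account = USERS[target_user_id(params)]
  return :redirect unless current_user && account
  owner = current_user.id == account.id
  key_holder = current_user.id == account.key_holder_id
  owner || key_holder ? :allow : :redirect
end
```

Because the account id on the notes form comes from a client-controlled field, the same owner-or-key-holder comparison has to run against it on every notes action rather than trusting the submitted value.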