这是一个Rails应用程序,我已经实现authentiction控制器与1个视图除外这样我在这个Authenticaton实现中丢失了什么?
before_filter :authenticate, except: [:new]
认证控制器内工作的伟大。
允许.............
localhost:3000/softruns/new
公众视野,并做不允许公众视野.............
localhost:3000/softrunss/1/edit
localhost:3000/softruns <---- index page
问题是当用户提交localhost:3000/softruns/new表单时,它会触发认证。 我甚至在成功提交后将用户重定向到home/index.html页面。
我可能会错过什么?
这里是我的softruns_controller.rb
require 'digest/sha2'
class SoftrunsController < ApplicationController
before_filter :authenticate, except: [:new]
before_action :set_softrun, only: [:show, :edit, :update, :destroy]
# GET /softruns
# GET /softruns.json
def index
@softruns = Softrun.all
end
# GET /softruns/1
# GET /softruns/1.json
def show
end
# GET /softruns/new
def new
@softrun = Softrun.new
end
# GET /softruns/1/edit
def edit
end
# POST /softruns
# POST /softruns.json
def create
@softrun = Softrun.new(softrun_params)
respond_to do |format|
if @softrun.save
format.html { redirect_to root_path, notice: 'Softrun was successfully created.' }
format.json { render action: 'show', status: :created, location: @softrun }
else
format.html { render action: 'new' }
format.json { render json: @softrun.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /softruns/1
# PATCH/PUT /softruns/1.json
def update
respond_to do |format|
if @softrun.update(softrun_params)
format.html { redirect_to @softrun, notice: 'Softrun was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: @softrun.errors, status: :unprocessable_entity }
end
end
end
# DELETE /softruns/1
# DELETE /softruns/1.json
def destroy
@softrun.destroy
respond_to do |format|
format.html { redirect_to softruns_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_softrun
@softrun = Softrun.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def softrun_params
params.require(:softrun).permit(:soft_email, :soft_twitter, :prim_session)
end
private
def authenticate
userhash = { }
User.all.each do |user|
userhash.store(user.username, user.password)
end
authenticate_or_request_with_http_digest("localhost") do |username|
userhash[username]
end
end
end
'authenticate' ...对我来说似乎很奇怪。当**任何用户**需要**任何需要验证的操作**时,您正在与**所有用户**进行特定操作。为什么?这背后有什么想法? – 2014-11-03 21:13:18