我想让before_filter处理需要用户登录的操作,但是由于事实并非如此,所以一定是错误的。before_filter似乎没有“踢”
我使用名为'session_helper.rb'的帮助文件来登录/注销以及检查用户是否登录(signed_in?)。如果在一个动作或视图中使用它,但是在与before_filer一起使用它时不起作用。如果我注销用户并尝试访问“/ projects/new”,则可以这样做,而不应该这样做。
我在做什么错?
项目负责人:
class ProjectsController < ApplicationController
before_filter :signed_in?, :except => [:index] // <-- doesn't prevent e.g. the action "new" to be executed
def new
@project = Project.new
@users = (current_user.blank? ? User.all : User.find(:all, :conditions => ["id != ?", current_user.id]))
end
def index
@projects = Project.all
if signed_in? // <-- works as it should
@users_projects = Project.where(:user_id => current_user.id)
end
end
... other actions ...
end
sessions_helper.rb
module SessionsHelper
def sign_in(user)
cookies.permanent[:remember_token] = user.remember_token
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
@current_user = user
end
def current_user
@current_user ||= User.find_by_remember_token(cookies[:remember_token])
end
def sign_out
self.current_user = nil
cookies.delete(:remember_token)
end
end
您是否使用任何验证宝石? – 2013-02-11 19:17:13
我使用bcrypt-ruby,如果这算作一个认证宝石... – dracula 2013-02-11 19:20:23