Authentication: user login and user permissions

[quote]
#19 Where Administration Goes, #20 Restricting Access, #21 Super Simple Authentication: these three episodes form one group on Authentication[/quote]
[color=blue]
#19 Where Administration Goes[/color]
script/generate scaffold episode "admin/episodes"

#Implementing The Admin Links

<li>
<p class="episodeId"><%= episode.episode_id %></p>
<h3><%= link_to episode.title, episode_path(episode.identifier) %></h3>
<p class="summary"><%= episode.summary %></p>
<p class="tagList">Tags: <% episode.tags.each do |tag| %> <%= link_to tag.title, tag_path(tag.title) %> <% end %></p>
<p class="adminActions">
<%= link_to "Edit", edit_episode_path(episode) %>
<%= link_to "Destroy", episode_path(episode), :confirm => "Are you sure?", :method => :delete %>
</p>
</li>
<%= link_to "New", new_episode_path %>


[color=blue]#20 Restricting Access
[/color]
#episodes/index.rhtml
<% if admin? %>
<%= link_to 'New Episode', new_episode_path %>
<% end %>

#controllers/application.rb
helper_method :admin?   # expose admin? to the views as well as the controllers
protected
def admin?
false   # stub for now; episode #21 replaces this with a real check
end
def authorize
unless admin?
flash[:error] = "unauthorized access"
redirect_to home_path
false   # halts the filter chain so the protected action never runs
end
end

#episodes_controller.rb
before_filter :authorize, :except => :index


[color=blue]
#21 Super Simple Authentication[/color]

controllers/application.rb
def admin?
session[:password] == 'foobar'
end

sessions_controller.rb
def create
session[:password] = params[:password]
flash[:notice] = "Successfully logged in"
redirect_to home_path
end
def destroy
reset_session
flash[:notice] = "Successfully logged out"
redirect_to login_path
end

config/routes.rb
map.resources :sessions, :episodes
map.home '', :controller => 'episodes', :action => 'index'
map.login 'login', :controller => 'sessions', :action => 'new'
map.logout 'logout', :controller => 'sessions', :action => 'destroy'
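Two things about the episode #21 code are worth spelling out. First, `create` stores whatever was submitted with no check at all, so a wrong password still gets "Successfully logged in"; the only real check is the `admin?` comparison that runs on every later request. Second, `session[:password] = params[:password]` puts the admin password itself into the session, and the default Rails 2 CookieStore signs the session but does not encrypt it, so the password sits in the browser's cookie in readable form for as long as the cookie lives. The `<% if admin? %>` in the view only hides the link; `before_filter :authorize` is what actually enforces access. The following is an added example, not the episode's own code: a framework-free model of the same flow in which a plain Hash stands in for the Rails session, a `Redirect` struct stands in for `redirect_to`/flash, the password is checked once at login and only a boolean flag is kept in the session. The `ADMIN_PASSWORD_DIGEST` environment variable is an assumption (the fallback keeps the example runnable with the episode's `foobar`), and SHA-256 is used only because it is in the standard library; a real deployment would store a slow, salted hash such as bcrypt.

```ruby
require 'digest'

# Added example, not the episode's own code. ADMIN_PASSWORD_DIGEST is an assumed
# configuration value; the fallback reproduces the episode's hard-coded 'foobar'.
ADMIN_PASSWORD_DIGEST = ENV.fetch('ADMIN_PASSWORD_DIGEST') { Digest::SHA256.hexdigest('foobar') }

# Stand-in for redirect_to + flash: where the user is sent and what they are told.
Redirect = Struct.new(:path, :flash)

# Constant-time string comparison: every byte is XORed into diff, so the time
# taken does not depend on how many leading characters of the guess are right.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# application.rb's admin?: the session carries only a boolean flag, never the password.
def admin?(session)
  session[:admin] == true
end

# sessions_controller.rb's create: verify the password at login time instead of
# storing it and re-comparing it on every request.
def login(session, submitted_password)
  if secure_compare(Digest::SHA256.hexdigest(submitted_password.to_s), ADMIN_PASSWORD_DIGEST)
    session[:admin] = true
    Redirect.new('/', { notice: 'Successfully logged in' })
  else
    Redirect.new('/login', { error: 'Invalid password' })
  end
end

# sessions_controller.rb's destroy: reset_session drops everything in the session.
def logout(session)
  session.clear
  Redirect.new('/login', { notice: 'Successfully logged out' })
end

# The before_filter: nil lets the action run; a Redirect means the chain halts.
def authorize(session)
  return nil if admin?(session)
  Redirect.new('/', { error: 'unauthorized access' })
end

# Simplified model of the Rails 2 CookieStore wire format: the session hash is
# Marshal-dumped and Base64-encoded, and an HMAC is appended (omitted here).
# The HMAC stops tampering; it does not stop whoever holds the cookie from
# decoding it, which is why storing params[:password] in the session leaks it.
def cookie_payload(session)
  [Marshal.dump(session)].pack('m0')
end

# What the cookie holder can read back. The real store verifies the HMAC before
# Marshal.load; never Marshal.load input whose signature has not been checked.
def cookie_reveals?(payload, secret)
  Marshal.load(payload.unpack1('m')).values.any? { |v| v.to_s.include?(secret) }
end

if __FILE__ == $PROGRAM_NAME
  episode_session = { password: 'foobar' }   # constructed: what episode #21 stores
  puts "episode #21 cookie leaks the password: #{cookie_reveals?(cookie_payload(episode_session), 'foobar')}"
  session = {}
  login(session, 'foobar')
  puts "flag-based cookie leaks the password:  #{cookie_reveals?(cookie_payload(session), 'foobar')}"
end
```

Running the file prints `true` for the episode's session and `false` for the flag-based one; the rest of the behaviour (wrong password is rejected, `authorize` redirects non-admins, `logout` clears the flag) is the same contract the filter in episode #20 expects.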



[color=blue]#119 Session Based Model[/color]

Method 1 (store the ids of the comments this session created directly in the session)

def create
...
session[:comment_ids] ||= []
session[:comment_ids] << @comment.id
...
end


Protect the content: show the edit link only to the session that created the comment
<% if session[:comment_ids] && session[:comment_ids].include?(comment.id) %>
...
<% end %>

Use the session to protect update as well (the view check only hides the link; the filter is what actually enforces it)
before_filter :authorize, :only => [:edit, :update]
def update
...
end

private
def authorize
unless session[:comment_ids] && session[:comment_ids].include?(params[:id].to_i) # params[:id] is a String, the session holds Integers
...
end
end



Method 2 (create a UserSession model that wraps the raw session)

1. Define user_session.rb
class UserSession
def initialize(session)
@session = session
@session[:comment_ids] ||= []
end
def add_comment(comment)
@session[:comment_ids] << comment.id
end
def can_edit_comment?(comment)
@session[:comment_ids].include?(comment.id) && comment.created_at > 15.minutes.ago
end
end

2. application.rb
private
def user_session
@user_session ||= UserSession.new(session)
end
helper_method :user_session

3. comment_controller.rb
def create
if @comment.save
user_session.add_comment(@comment)
...
end
end

def authorize
unless user_session.can_edit_comment?(Comment.find(params[:id]))
...
end
end

<% if user_session.can_edit_comment? comment %>
...
<% end %>
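The point of the wrapper is that the view and the `authorize` filter call the same predicate, so a typo in one copy of the check (as easily happens with two hand-written `session[:comment_ids].include?` conditions) cannot silently disable one of them. The check is only as trustworthy as the session store's integrity: with a signed cookie store the client cannot add ids to `comment_ids`, and the 15-minute window limits what a stolen cookie is good for. The following is an added example, not the episode's own code: a framework-free model of `UserSession` in which a plain Hash stands in for the Rails session, a `Struct` stands in for the `Comment` model, an injectable clock replaces `15.minutes.ago` so the window can be tested, and `MAX_TRACKED` is an added assumption that bounds the list so a cookie-stored session cannot grow past the 4 KB cookie limit.

```ruby
# Added example, not the episode's own code. Comment is a stand-in for the
# ActiveRecord model; only id and created_at matter to the check.
Comment = Struct.new(:id, :created_at)

class UserSession
  EDIT_WINDOW = 15 * 60   # seconds; the episode's 15.minutes
  MAX_TRACKED = 50        # assumption: bound the list kept in a cookie-backed session

  # session: the Hash-like Rails session; clock: injectable for testing the window
  def initialize(session, clock = -> { Time.now })
    @session = session
    @clock = clock
    @session[:comment_ids] ||= []   # a fresh session has no list yet
  end

  # Called from create after the comment is saved: remember that this session owns it.
  def add_comment(comment)
    ids = @session[:comment_ids]
    ids << comment.id
    ids.shift while ids.size > MAX_TRACKED   # drop the oldest ids first
  end

  # The single predicate shared by the view (show the link?) and the filter (allow the action?).
  def can_edit_comment?(comment)
    @session[:comment_ids].include?(comment.id) &&
      comment.created_at > @clock.call - EDIT_WINDOW
  end
end

# Stand-in for the controller's authorize filter. comments_by_id plays the part
# of Comment.find; raw_id is the String params[:id]. Returns :ok, :forbidden or
# :not_found instead of redirecting.
def authorize_edit(user_session, comments_by_id, raw_id)
  comment = comments_by_id.fetch(raw_id.to_i) { return :not_found }
  user_session.can_edit_comment?(comment) ? :ok : :forbidden
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now
  session = {}                                   # constructed: an empty Rails session
  us = UserSession.new(session, -> { now })
  fresh = Comment.new(7, now - 60)               # constructed: posted a minute ago by this session
  stale = Comment.new(8, now - 20 * 60)          # constructed: posted 20 minutes ago by this session
  us.add_comment(fresh)
  us.add_comment(stale)
  puts "fresh comment editable: #{us.can_edit_comment?(fresh)}"
  puts "stale comment editable: #{us.can_edit_comment?(stale)}"
  puts "filter result for id '8': #{authorize_edit(us, { 7 => fresh, 8 => stale }, '8')}"
end
```

Because the wrapper writes through to the session Hash it was given, a new `UserSession.new(session)` on the next request sees the same `comment_ids`, which is exactly what `@user_session ||= UserSession.new(session)` in application.rb relies on.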