I have this showing up all over in my controllers:
我在控制器中出现了这个:
if not session[:admin]
flash[:notice] = "You don't have the rights to do #{:action}."
redirect_to :action=>:index
return
end
And its sibling:
它的兄弟姐妹:
if not session[:user] and not session[:admin]
flash[:notice] = "You don't have the rights to do #{:action}."
redirect_to :action=>:index
return
end
I would like to reduce this all down to a single declarative line when I want to use it in a method:
当我想在方法中使用它时,我想将这一切减少到单个声明性行:
def action_which_requires_rights
require_rights :admin
#or:
#:require_rights :user_or_admin
end
Clearly, if require_rights fails, I don't want the rest of the method executed. I would swear that there was a way to do this, but I can't find where I read about it. Am I imagining this?
显然,如果require_rights失败,我不希望执行其余的方法。我发誓有办法做到这一点,但我找不到我读到的地方。我在想这个吗?
5 个解决方案
#1
8
Firstly you can do: unless session[:admin]
instead of if not ...
首先你可以这样做:除非会话[:admin]而不是if ...
Then you can have a before filter which calls your method, this method would do your redirect_to "url" and return.
然后你可以有一个调用你的方法的前置过滤器,这个方法会做你的redirect_to“url”并返回。
I have a question, I hope you are not just storing the id of the admin in a session as your the only means of authentication, having an attribute on your user model and querying that might be a safer bet.
我有一个问题,我希望你不只是将管理员的id存储在会话中作为唯一的身份验证方式,在你的用户模型上有一个属性并查询可能是一个更安全的赌注。
#2
6
As others have said, a before_filter seems like the right tool here. But I'll address the actual pattern you were asking about.
正如其他人所说,before_filter似乎是正确的工具。但我会解决你所询问的实际模式。
Unfortunately, a method can't cause its calling method to return. The two closest matches to the pattern you are looking for:
不幸的是,方法不能使其调用方法返回。与您正在寻找的模式最接近的两个匹配项:
A block:
一个街区:
def require_rights(rights)
if session[rights]
yield
else
flash[:notice] = "You don't have the rights to do #{:action}."
redirect_to :action=>:index
end
end
So with that you'd do:
所以你要这样做:
def action_which_requires_rights
require_rights :admin do
#do whatever here
end
end
Or a return value:
或者返回值:
def require_rights(rights)
return true if session[rights]
flash[:notice] = "You don't have the rights to do #{:action}."
redirect_to :action=>:index
false
end
So with that you'd do:
所以你要这样做:
def action_which_requires_rights
require_rights :admin or return
#do whatever here
end
I like the block better because it fits in with similar methods, and making the caller do or return
feels kind of unnatural to me.
我更喜欢这个块,因为它适合类似的方法,并且让调用者做或返回对我来说有点不自然。
#3
3
Look at before_filter. They can halt execuion and can be limited to certain actions.
看看before_filter。他们可以停止执行,并且可以限于某些行动。
#4
1
I wouldn't show an action to user if user is not permitted to execute this action (I would use helpers to accomplish that)
如果不允许用户执行此操作,我不会向用户显示操作(我会使用帮助程序来完成此操作)
In controllers, as mentioned in other answers, imho the best approach is to use before filters to control access rights.
在控制器中,如其他答案中所述,最好的方法是在过滤器之前使用来控制访问权限。
I would also suggest to use restful authentication plugin to manage user roles.
我还建议使用restful authentication插件来管理用户角色。
#5
0
You could try something that throws an exception.
你可以尝试抛出异常的东西。
def action_for_admins
require_rights :admin
end
begin
action_for_admins
rescue
<%= You don't have the rights to do that %>
end
Then require_rights should look something like that
然后require_rights看起来应该是这样的
def require_rights(*rights)
rights.each do |right|
raise "Missing right #{right.to_s}" if not user.has_right?(right)
end
end
Note that I am a beginner in Ruby or Rails so it may not be the way.
请注意,我是Ruby或Rails的初学者,所以可能不是这样。
#1
8
Firstly you can do: unless session[:admin]
instead of if not ...
首先你可以这样做:除非会话[:admin]而不是if ...
Then you can have a before filter which calls your method, this method would do your redirect_to "url" and return.
然后你可以有一个调用你的方法的前置过滤器,这个方法会做你的redirect_to“url”并返回。
I have a question, I hope you are not just storing the id of the admin in a session as your the only means of authentication, having an attribute on your user model and querying that might be a safer bet.
我有一个问题,我希望你不只是将管理员的id存储在会话中作为唯一的身份验证方式,在你的用户模型上有一个属性并查询可能是一个更安全的赌注。
#2
6
As others have said, a before_filter seems like the right tool here. But I'll address the actual pattern you were asking about.
正如其他人所说,before_filter似乎是正确的工具。但我会解决你所询问的实际模式。
Unfortunately, a method can't cause its calling method to return. The two closest matches to the pattern you are looking for:
不幸的是,方法不能使其调用方法返回。与您正在寻找的模式最接近的两个匹配项:
A block:
一个街区:
def require_rights(rights)
if session[rights]
yield
else
flash[:notice] = "You don't have the rights to do #{:action}."
redirect_to :action=>:index
end
end
So with that you'd do:
所以你要这样做:
def action_which_requires_rights
require_rights :admin do
#do whatever here
end
end
Or a return value:
或者返回值:
def require_rights(rights)
return true if session[rights]
flash[:notice] = "You don't have the rights to do #{:action}."
redirect_to :action=>:index
false
end
So with that you'd do:
所以你要这样做:
def action_which_requires_rights
require_rights :admin or return
#do whatever here
end
I like the block better because it fits in with similar methods, and making the caller do or return
feels kind of unnatural to me.
我更喜欢这个块,因为它适合类似的方法,并且让调用者做或返回对我来说有点不自然。
#3
3
Look at before_filter. They can halt execuion and can be limited to certain actions.
看看before_filter。他们可以停止执行,并且可以限于某些行动。
#4
1
I wouldn't show an action to user if user is not permitted to execute this action (I would use helpers to accomplish that)
如果不允许用户执行此操作,我不会向用户显示操作(我会使用帮助程序来完成此操作)
In controllers, as mentioned in other answers, imho the best approach is to use before filters to control access rights.
在控制器中,如其他答案中所述,最好的方法是在过滤器之前使用来控制访问权限。
I would also suggest to use restful authentication plugin to manage user roles.
我还建议使用restful authentication插件来管理用户角色。
#5
0
You could try something that throws an exception.
你可以尝试抛出异常的东西。
def action_for_admins
require_rights :admin
end
begin
action_for_admins
rescue
<%= You don't have the rights to do that %>
end
Then require_rights should look something like that
然后require_rights看起来应该是这样的
def require_rights(*rights)
rights.each do |right|
raise "Missing right #{right.to_s}" if not user.has_right?(right)
end
end
Note that I am a beginner in Ruby or Rails so it may not be the way.
请注意,我是Ruby或Rails的初学者,所以可能不是这样。