问题描述
我正在努力使只有管理员可以使用设计添加用途.我已经得到它的大部分工作但是现在当我以管理员身份登录并提交注册表时,它会以错误提示我:您已经登录.
I'm trying to make it so only admins can add uses with devise. I've gotten it mostly working however now when I'm logged in as an admin and submit the sign up form it kicks me back with the error: You are already signed in.
我尝试按照此处的说明进行操作:http://wiki.summercode.com/rails_authentication_with_devise_and_cancan 但它没有好像没有提到这种情况.
I've tried to follow the instructions here: http://wiki.summercode.com/rails_authentication_with_devise_and_cancan but it doesn't seem to mention this situation.
我是否需要在 editors_controller 中做进一步的覆盖以允许这样做?
Do I need to do further overriding in the editors_controller to allow this?
这是我的路线(editors"是我的用户模型的名称):
Here are my routes ("editors" is the name of my user model):
devise_for :admins, :skip => [:registrations]
as :admin do
get 'admin/editors' => 'editors#index', as: :admin_editors
get 'admin/editors/new' => 'editors#new', as: :new_editor
delete 'admin/editors/:id' => 'editors#destroy', as: :destroy_editor
end
devise_for :editors, :skip => [:registrations], :controllers => { :registrations => "editors" }
和我的 editors_controller 在app/controllers/"
and my editors_controller in "app/controllers/"
class EditorsController < Devise::RegistrationsController
before_filter :check_permissions, :only => [:new, :create, :cancel]
skip_before_filter :require_no_authentication
def dashboard
render "editors/dashboard.html.haml"
end
def index
@editors = Editor.all
respond_to do |format|
format.html
end
end
private
def check_permissions
authorize! :create, resource
end
end
编辑当我提交表单时,我在日志中注意到了这个 Processing by Devise::RegistrationsController#create as HTML.我怀疑也许 skip_before_filter :require_no_authentication 没有被调用,但假设因为 EditorsController 是从 RegistrationController 继承的,所以之前的过滤器会好好工作.不是这样吗?
EDITI noticed this Processing by Devise::RegistrationsController#create as HTML in the logs when I submit the form. I had suspected that perhaps the skip_before_filter :require_no_authentication wasn't being called, but assumed that because the EditorsController was inheriting from RegistrationController that before filter would work properly. Is that not the case?
推荐答案
您需要在 EditorsController 上实现自己的 create 方法,而不是从 .如您所见,Devise::RegistrationsController 中的方法将首先检查您是否已经登录,如果您已经登录,则将您踢回去.如果您未登录,它将创建一个 User 帐户,然后您以该用户身份登录.
You'll want to implement your own create method on EditorsController instead of inheriting that action from Devise::RegistrationsController. As you're seeing, the method in Devise::RegistrationsController will first check to see if you're already logged in and kick you back if you are. If you're not logged in it will create a User account and then log you in as that user.
您正在尝试使用 skip_before_filter :require_no_authentication 解决这个问题,但您的表单很可能正在 POST 到 /editors而不是 /admin/editors.因此,您需要添加一个允许您访问 EditorsController 上的 create 的路由:
You're trying to get around that problem with skip_before_filter :require_no_authentication, but it's likely that your form is POSTing to /editors instead of /admin/editors. So, you'll need to add a route that allows you to get to create on the EditorsController :
as :admin do
post 'admin/editors' => 'editors#create'
# your other :admin routes here
end
然后你会想要实现一个缩小版本的create.你可能想要这样的东西:
Then you'd want to implement a scaled down version of create. You probably want something kind of like this :
class EditorsController < Devise::RegistrationsController
def create
build_resource(sign_up_params)
if resource.save
redirect_to admin_editors_path
else
clean_up_passwords resource
respond_with resource
end
end
# your other methods here
end
您还需要确保 admin/editors/new 模板将表单指向正确的路径 ('admin/editors').
You'll also want to make sure that the admin/editors/new template is pointing the form to the correct route ('admin/editors').
这篇关于允许管理员使用 Devise 添加用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!