I have a User model that Devise manages - i.e. all users have email addy/username/pass, etc. If a user logs in, based on their permissions they get access to different things. That works fine.
But I have a Client model, that I would like to grant a token to so they can access one specific action on one specific controller.
Ideally, I would like to generate a token for client john.brown@abc.com (keep in mind that this is not a User.email, but a Client.email) so they can access the compare action for my stages controller, where stage has an id of 7.
I don't want them to be able to access any other stages, other than id 7, and I don't want them to have to sign in, i.e. once they access that specific URL (for instance, myapp.com/stages/7/compare?token={unique token generated by devise}) they can see it. But they can't take that token and go to stages/8/compare, for instance.
Is it possible for me to do that using Devise? If so, how?
The purpose of Devise's TokenAuthenticatable strategy is to sign in a user that Devise manages via a token. So, Devise has to already manage the model you're signing in, and it sounds like in your app that Client is not being managed by Devise. I do not think it will help you in this instance.
Devise is doing mostly authentication. What you need is an authorization plugin. Try using cancan, for example (https://github.com/ryanb/cancan). That will let you grant 'roles' to your users and authorize them to do (or not do) certain actions.
There's also a Railscast available: http://railscasts.com/episodes/192-authorization-with-cancan
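An added example, not part of either answer and not Devise or CanCan code: one way to get the behaviour the question asks for is an HMAC token bound to the client email, the stages#compare action and the stage id, so a token issued for stage 7 fails verification at stages/8/compare. The module name `ScopedToken`, the secret and the token layout are assumptions made for illustration.

```ruby
require "openssl"

# Hypothetical helper; in a real Rails app SECRET would come from credentials.
module ScopedToken
  SECRET = "constructed-demo-secret" # constructed sample key, not a real one
  SCOPE  = "stages#compare"          # the single controller#action allowed

  # MAC over client, action and stage id, so none of them can be swapped.
  # The length prefix keeps the field boundaries unambiguous.
  def self.mac(client_email, stage_id)
    id = Integer(stage_id.to_s, 10) # raises ArgumentError on non-numeric ids
    payload = "#{client_email.bytesize}:#{client_email}|#{SCOPE}|#{id}"
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
  end

  # Token layout: hex(email) + "." + MAC. This is the ?token=... value.
  def self.issue(client_email, stage_id)
    "#{client_email.unpack1('H*')}.#{mac(client_email, stage_id)}"
  end

  # Returns the client email when the token is valid for the stage id taken
  # from the request path, otherwise nil.
  def self.verify(token, requested_stage_id)
    encoded, given_mac = token.to_s.split(".", 2)
    return nil if encoded.nil? || given_mac.nil?

    email = [encoded].pack("H*").force_encoding("UTF-8")
    secure_equal?(given_mac, mac(email, requested_stage_id)) ? email : nil
  rescue ArgumentError
    nil # non-numeric stage id
  end

  # Constant-time comparison so the MAC cannot be guessed byte by byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

In a controller this check would run before the compare action, with the token taken from the query string and the stage id from the route, never from the token itself.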