I'm using Rails 3 and Devise. I would like to build in the following workflow.
- Article is submitted on site that requires admin approval.
- Site sends the admin of the site an email with a link to the page where the admin can review, edit and approve the article.
I've got this implemented; however, if the admin is not currently logged into the site, the admin is bounced back to the root path for not being authenticated.
Is there a way that the link that is sent in the email can act as an authentication for the specific admin?
You want to look into token authentication for devise. This allows you to use a one time key to authorize user access through a URL parameter.
See more information here. http://zyphmartin.com/blog/simple-auth-token-example-with-devise
Also you could simply create an authentication token per resource and store the authentication value in the database. When you go to the approve URL for the resource, pass in the resource id and the authentication token. This would be more secure than logging the user in as administrator.
If you need more help let me know.
You could implement this as a custom controller action.
You can turn off Devise authentication for a given action in a controller by adding an :except => :custom_action key to your :before_filter call.
You could include a query string in the link with the article_id and the admin_id. Then in the custom controller action, you would check that this article has not already been moderated, via an extra field in the articles table. If it had, you could bail. If it hadn't then you could allow the moderator to approve or disapprove of it, set the moderated flag to true and thank the moderator for her work.
If you wanted to get really tricky, you could make the URL include an MD5-hashed id which you could use as the key rather than an article id. You could store this in an extra field in the article model. That would make it much less likely to get spoofed during the brief window when it is moderate-able.
ian.
You could add an action to the controller (which is where your URL would point to), and then exclude it from authentication by adding this to your controller:
before_filter :authenticate_user!, :except => [:review_article]
You could include some sort of a key in the URL (e.g. MD5 of the article as Ian suggested), and check that in review_article.
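The per-resource token approach from the first answer, combined with the "already moderated" check from Ian's answer, as an added example (my own plain-Ruby code, not from any of the answers or from Devise). It assumes two hypothetical columns on the article, approval_token_digest and moderated, uses a random SecureRandom token instead of an MD5 of the id, and leaves the review action's exclusion from authenticate_user! to the controller as the answers show.

```ruby
require "securerandom"
require "digest"

# Stand-in for the Article model (constructed for this example). In the real app
# these would be two columns: approval_token_digest (string) and moderated (boolean).
Article = Struct.new(:id, :approval_token_digest, :moderated, keyword_init: true)

module ApprovalLink
  # Issue a one-time token for an article. Only the SHA-256 digest is stored, so a
  # leaked database row does not by itself yield a working approval link.
  def self.issue(article)
    token = SecureRandom.urlsafe_base64(32)
    article.approval_token_digest = Digest::SHA256.hexdigest(token)
    article.moderated = false
    token
  end

  # Link placed in the admin email; the token travels as a query parameter.
  def self.url(base, article, token)
    "#{base}/articles/#{article.id}/review?token=#{token}"
  end

  # Called by the review action (which is excluded from authenticate_user!).
  # Returns :ok, :invalid or :already_moderated. The token is checked before the
  # moderated flag so a wrong token learns nothing about the article's state.
  def self.verify(article, presented)
    return :invalid if presented.nil? || article.approval_token_digest.nil?
    digest = Digest::SHA256.hexdigest(presented)
    return :invalid unless secure_equal?(digest, article.approval_token_digest)
    return :already_moderated if article.moderated
    :ok
  end

  # Record the decision and retire the link: the flag makes any replay fail.
  def self.decide!(article, presented, decision)
    status = verify(article, presented)
    return status unless status == :ok
    article.moderated = true
    decision
  end

  # Constant-time comparison so the response time does not depend on how many
  # leading characters of a guessed token happen to match.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The same token should only ever be delivered over the email link and compared server-side; if the admin also needs to edit the article before approving, keep that step behind the normal Devise login.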