开发者

Devise::RegistrationsController#show

开发者 https://www.devze.com 2023-03-14 00:39 出处:网络
I have a controller which inherits from Devise::RegistrationsController. I have added a show action to the controller. T开发者_如何学Pythonhe problem is that even when the user is logged out they can

I have a controller which inherits from Devise::RegistrationsController. I have added a show action to the controller. T开发者_如何学Pythonhe problem is that even when the user is logged out they can access this action even though at the top of my controller I have:

before_filter :authenticate_user!, :except => [:new, :create]

Why isn't authenticate_user! disallowing access to my show action?


I tested this with one of my application. The filter authentication_person! (it's person in my case) works well for all other controllers but doesn't work for controller inherited from Devise::RegistrationsController. This may be an issue or limitation with devise. Needs to be added to issues discussion at github.

The other workaround can be to create a filter method should_be_logged_in? into the application controller and then checking for person_signed_in? helper and redirecting accordingly.


Might be an issue with auth scope.. try adding the following to you controller:

prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy, :show]
0

精彩评论

暂无评论...
验证码 换一张
取 消