开发者

Authlogic HTTP Basic UserSession.find returns nil, means declarative_authorization can't get a current_user

开发者 https://www.devze.com 2023-01-17 11:33 出处:网络
When using Authlogic\'s HTTP Basic auth, UserSession.find returns nil since the session appears not to be set. As a result, declarative_authorization, which references the usual current_user method (a

When using Authlogic's HTTP Basic auth, UserSession.find returns nil since the session appears not to be set. As a result, declarative_authorization, which references the usual current_user method (as below), can't find a current user.

def current_user_session
    return @current_user_session if defin开发者_运维问答ed?(@current_user_session)
    @current_user_session = UserSession.find
end

def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.record
end

Is it possible to create a session when a user auths via HTTP basic (even though that session will only last until the request closes) or is there a better way of doing this?


Bumping this. I'm exactly having the same issue (with the same gems - authlogic + declarative_auth).

Found the solution for me, all i needed was to copy the following code to the end of the authorization_rules.rb

privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :read, :includes => [:index, :show]
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end


Having fiddled with Devise, everything now seems to be working, as long as when using ActiveResource I do site = "http://user:password@domain", rather than:

site = "http://domain"
username = "user"
password = "password"

Which doesn't work. I havn't taken the time to dig into why.

0

精彩评论

暂无评论...
验证码 换一张
取 消