我正在努力使它只有管理员可以添加设计使用.我已经得到它主要工作,但是现在当我以管理员身份登录并提交注册表单时,它将我带回错误:您已经登录了.
我试着按照这里的说明:http://wiki.summercode.com/rails_authentication_with_devise_and_cancan,但似乎没有提到这种情况.
我是否需要在editors_controller中进一步覆盖以允许这样做?
devise_for :admins,:skip => [:registrations]
as :admin do
get 'admin/editors' => 'editors#index',as: :admin_editors
get 'admin/editors/new' => 'editors#new',as: :new_editor
delete 'admin/editors/:id' => 'editors#destroy',as: :destroy_editor
end
devise_for :editors,:skip => [:registrations],:controllers => { :registrations => "editors" }
和我的editors_controller在“app / controllers /”中
class EditorsController < Devise::RegistrationsController
before_filter :check_permissions,:only => [:new,:create,:cancel]
skip_before_filter :require_no_authentication
def dashboard
render "editors/dashboard.html.haml"
end
def index
@editors = Editor.all
respond_to do |format|
format.html
end
end
private
def check_permissions
authorize! :create,resource
end
end
编辑
我注意到这个Processing by Devise :: RegistrationsController#在我提交表单时在日志中创建为HTML.我怀疑也许没有调用skip_before_filter:require_no_authentication,但是假设因为EditorsController继承了RegistrationController,之前过滤器才能正常工作.那不是这样吗?
解决方法
您需要在EditorsController上实现自己的create方法,而不是从Devise :: RegistrationsController继承该操作.正如您所看到的,Devise :: RegistrationsController中的方法将首先检查您是否已经登录并且如果您已经将其踢回去.如果您尚未登录,则会创建一个用户帐户,然后以该用户身份登录.
您正试图通过skip_before_filter:require_no_authentication来解决该问题,但您的表单可能是POST / to / POSTitors而不是/ admin / editors.因此,您需要添加一个允许您在EditorsController上创建的路由:
as :admin do post 'admin/editors' => 'editors#create' # your other :admin routes here end
然后你想要实现缩小版的create.你可能想要这样的东西:
class EditorsController < Devise::RegistrationsController
def create
build_resource(sign_up_params)
if resource.save
redirect_to admin_editors_path
else
clean_up_passwords resource
respond_with resource
end
end
# your other methods here
end
您还需要确保admin / editors / new模板将表单指向正确的路径(‘admin / editors’).