Multiple before_filter statements for correct_user and admin

冷暖自知 submitted on 2019-12-08 22:17:43

Question


I have a Group resource that I'm trying to set up with proper authorizations.

The authorization logic I'm trying to implement is this:

  1. Only group members should be able to view their group.
  2. An admin can view any group, as well as take other actions.

I'm attempting to do this with the following before_filter statements in the group controller:

before_filter :signed_in_user
before_filter :correct_user, only: :show
before_filter :admin_user, only: [:show, :index, :edit, :update, :destroy]

Correct_user works as I have verified that only group members can view their group. However, what I want to happen is for the admin :show clause to override this, so that an admin can view any group. Currently that is not working. I'm guessing I have something wrong here with my filter ordering and options.

Can someone tell me where I've gone wrong?

EDIT

Adding my method code per Amar's request:

private

def correct_user
  # User has to be a member to view
  @group = Group.find(params[:id])
  redirect_to(root_path) if @group.members.find_by_member_id(current_user).nil?
end

def admin_user
  redirect_to(root_path) unless current_user.admin?
end

Answer 1:


Update the correct_user method, or create another method with the following definition, remove show from the other filter, and add a before_filter with the new method.

def correct_user
  @group = Group.find(params[:id])
  # Redirect only when the user is neither a group member nor an admin
  redirect_to(root_path) if @group.members.find_by_member_id(current_user).nil? && !current_user.admin?
end
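The following is an added example, not part of the original question or answer. It models a filter chain in plain Ruby (no Rails) to show that stacked filters combine as AND: every filter that applies to the action must pass, and the first redirect halts the request. The names `allowed?`, `access_matrix`, `member_or_admin`, and the sample users and group are assumptions made for illustration.

```ruby
# Minimal stand-in for a Rails filter chain (not Rails itself): each filter
# returns true to continue or false to mean "redirected"; the first false halts.
User  = Struct.new(:name, :admin) { def admin?; admin; end }
Group = Struct.new(:member_names) { def member?(user); member_names.include?(user.name); end }

FILTERS = {
  # Filters as written in the question.
  correct_user: ->(user, group) { group.member?(user) },
  admin_user:   ->(user, _group) { user.admin? },
  # Combined check from the answer (hypothetical name): member OR admin.
  member_or_admin: ->(user, group) { group.member?(user) || user.admin? }
}

# chain is a list of [filter_name, actions_the_filter_applies_to].
# all? stops at the first failing filter, like a redirect halting the chain.
def allowed?(chain, action, user, group)
  chain.all? do |name, actions|
    !actions.include?(action) || FILTERS.fetch(name).call(user, group)
  end
end

ORIGINAL_CHAIN = [
  [:correct_user, [:show]],
  [:admin_user,   [:show, :index, :edit, :update, :destroy]]
]
FIXED_CHAIN = [
  [:member_or_admin, [:show]],
  [:admin_user,      [:index, :edit, :update, :destroy]]
]

# Constructed sample data.
GROUP    = Group.new(["alice"])
MEMBER   = User.new("alice", false)
OUTSIDER = User.new("bob", false)
ADMIN    = User.new("carol", true) # admin who is not a member of GROUP

# Returns { role => { show: bool, edit: bool } } for the given chain.
def access_matrix(chain)
  { member: MEMBER, outsider: OUTSIDER, admin: ADMIN }.map do |role, user|
    [role, %i[show edit].map { |a| [a, allowed?(chain, a, user, GROUP)] }.to_h]
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  puts "original: #{access_matrix(ORIGINAL_CHAIN)}"
  puts "fixed:    #{access_matrix(FIXED_CHAIN)}"
end
```

A table like this, asserted in a controller or request spec for every role and action, catches authorization regressions when filters are later reordered or their `only:` lists change.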


Source: https://stackoverflow.com/questions/10150098/multiple-before-filter-statements-for-correct-user-and-admin
