#20 Restricting Access

最新推荐文章于 2025-05-31 13:01:17 发布

原创最新推荐文章于 2025-05-31 13:01:17 发布 · 145 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#Access #Flash

Railscasts 专栏收录该内容

108 篇文章

订阅专栏

本文介绍如何通过编程方式限制公众访问网站的管理功能，包括使用 Ruby on Rails 实现的身份验证逻辑和授权过程。

In this second part of the series on administration, you will learn how to lock down the site to keep the public from accessing the administration features.

<!-- episodes/index.rhtml -->
<% if admin? %>
  <%= link_to 'New Episode', new_episode_path %>
<% end %>
# controllers/application.rb
helper_method :admin?

protected

def admin?
  false
end

def authorize
  unless admin?
    flash[:error] = "unauthorized access"
    redirect_to home_path
    false
  end
end

# episodes_controller.rb
before_filter :authorize, :except => :index