Pav*_*lli 3 ruby-on-rails-4 pundit
当不允许用户通过权威人员查看具有授权规则的页面时,我收到以下错误:
在此操作中多次调用渲染和/或重定向.请注意,您只能调用渲染或重定向,每次操作最多一次.另请注意,重定向和呈现都不会终止操作的执行,因此如果要在重定向后退出操作,则需要执行类似"redirect_to(...)并返回"的操作.
这是application_controller.rb:
class ApplicationController < ActionController::Base
# Includes Authorization mechanism
include Pundit
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
# Globally rescue Authorization Errors in controller.
# Returning 403 Forbidden if permission is denied
rescue_from Pundit::NotAuthorizedError, with: :permission_denied
# Enforces access right checks for individuals resources
# after_filter :verify_authorized, :except => :index
# Enforces access right checks for collections
# after_filter :verify_policy_scoped, :only => :index
private
def permission_denied
flash[:error] = "You don't have the proper permissions to view this page. If you think you are supposed to then please contact us at permissions@inrtracker.com"
# this is giving a redirect loop error
redirect_to(request.referrer || root_path)
end
end
stat_policy.rb:
class StatPolicy
attr_reader :current_user, :model
def initialize(current_user, model)
@current_user = current_user
@stat = model
end
def index?
@current_user.admin?
end
end
stats_controller.rb:
class StatsController < ApplicationController
after_action :authorize_stat
def index
@stats = Stat.all
@stat = Stat.new
render layout: "stat_layout"
end
private
def authorize_stat
authorize @stat
end
# Use callbacks to share common setup or constraints between actions.
def set_stat
@stat = Stat.find(params[:id])
end
end
小智 7
随着这种情况发生了一种奇怪的操作顺序after_action.如果你设置response_body为nil,它应该解决你的问题.
def permission_denied
flash[:error] = "You don't have the proper permissions to view this page. If you think you are supposed to then please contact us at permissions@inrtracker.com"
self.response_body = nil # This should resolve the redirect root.
redirect_to(request.referrer || root_path)
end
| 归档时间: |
|
| 查看次数: |
1742 次 |
| 最近记录: |