Ruby on Rails 4: Authentication After Authentication with Multiple Devise Models

I created a simple Ruby on Rails 4 application with a few simple models and a PostgreSQL database that was deployed to my test VPS. Then I created three Devise models using Rails generators.

I selected individual Devise models, as the models are completely different from each other. The unidirectional inheritance method has not been discussed.

I understand that with any Devise model, I can authenticate to the site, register "developed" users, etc. It works.

Now I plan to create a place to do my credentials. I abandoned CanCan as it is not supported by Rails 4 at the moment according to what I found using Google.

Thus, the most suitable option I found is to simply use before_filter with my own authentication method, which, in turn, checks the type of current_user or its existence and returns if it is good or not.

Here is an example of the pseudo code I have already tried, and it looks like it works.

before_filter :custom_authentication!

def custom_authentication!
  if current_admin
    redirect_to "admin_page"
  elsif current_monkey
    redirect_to "zoo"
  elsif current_human
    redirect_to "home"
  else
    # some unauthorised access alert
  end
end

As I understand it, I need to put this code in every controller that I have in my Rails 4 application. Is this correct?

: ? , application_controller.rb, Devise, - . ? ? ?

+3
2

, CanCan, Rails 4. , , Pundit. .

https://github.com/elabs/pundit


posts_controller , :

class PostPolicy
  attr_reader :user, :post

  def initialize(user, post)
    @user = user
    @post = post
  end

  def update?
    user.admin?
  end
end

:

def update
  @post = Post.find(params[:id])
  authorize @post
  if @post.update(post_params)
    redirect_to @post
  else
    render :edit
  end
end

, , . Pundit ApplicationController . , - :

class ApplicationController < ActionController::Base
  protect_from_forgery
  include Pundit

  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized

private

  def user_not_authorized
    if current_monkey
      redirect_to "zoo"
    elsif current_human
      redirect_to "home"
    else
      flash[:error] = "You are not authorized to perform this action."
      redirect_to request.headers["Referer"] || root_path
    end
  end
end

. , PostPolicy :

def index?
  return true if user.type == "Monkey"
end
+1
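
Added example, not part of the original answers and not Pundit's own code: a plain-Ruby stand-in for Pundit's `authorize` flow when the signed-in actor can be any of three separate Devise models. `FakeController`, the Struct models, `allowed?` and the rule that admins may also list posts are assumptions made for illustration; `pundit_user` is the hook Pundit calls in place of `current_user`, and unlike Pundit this stand-in takes the query name explicitly.

```ruby
class NotAuthorizedError < StandardError; end
# Constructed stand-ins for the three separate Devise models and a record.
Admin  = Struct.new(:email)
Monkey = Struct.new(:email)
Human  = Struct.new(:email)
Post   = Struct.new(:title)

class PostPolicy
  attr_reader :user, :post
  def initialize(user, post)
    @user = user
    @post = post
  end

  # Test the actor's class: Monkey and Human define no admin? method, so
  # calling user.admin? on them would raise NoMethodError instead of denying.
  def update?
    user.is_a?(Admin)
  end

  def index?
    user.is_a?(Admin) || user.is_a?(Monkey)
  end
end

class FakeController
  # Devise defines one current_<scope> helper per model; simulated here.
  attr_accessor :current_admin, :current_monkey, :current_human

  # With no User model there is no current_user, so return whichever
  # scope is signed in, most privileged first.
  def pundit_user
    current_admin || current_monkey || current_human
  end

  # Deny by default: no signed-in actor, or a policy that lacks the
  # query method, raises instead of letting the action continue.
  def authorize(record, query)
    policy = Object.const_get("#{record.class.name}Policy").new(pundit_user, record)
    allowed = !pundit_user.nil? && policy.respond_to?(query) && policy.public_send(query)
    raise NotAuthorizedError, "not allowed to #{query} this #{record.class.name}" unless allowed
    record
  end
end

def allowed?(controller, record, query)
  !!controller.authorize(record, query)
rescue NotAuthorizedError
  false
end
```
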

miahabdu, (., ), (. ).


class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_action :authenticate_user!
  before_action :check_access

  private

  def check_access
    if current_user.present?
      unless find_permission(current_user, 'code assigned for login access')
        sign_out current_user
        redirect_to new_user_session_path
      end
    end

  end

end

, find_permission. current_user - , sign_out current_user . , current_user, redirect_to new_user_session_path, , User - , .

, , CaseElse IfElse.

, , check_access:

def check_access
  if current_user.present?
    unless find_permission(current_user, 'code assigned for login access')
      sign_out current_user
      # Stop here: a second redirect_to in the same request raises
      # AbstractController::DoubleRenderError.
      return redirect_to new_user_session_path
    end

    if current_admin
      redirect_to "admin_page"
    elsif current_monkey
      redirect_to "zoo"
    elsif current_human
      redirect_to "home"
    else
      sign_out current_user
      redirect_to new_user_session_path
    end
  end
end

0
