0
我已經作出管理控制器與會話,現在我試圖限制 某些頁面的訪問,這是我的application_controller.rb軌道3限制訪問
class ApplicationController < ActionController::Base
before_filter :authorize, :except => :login
protect_from_forgery
protected
def authorize
unless User.find_by_id(session[:user_id])
flash[:notice] = "Please log in"
redirect_to :controller => 'admin', :action => 'login'
end
end
end
,這是控制器I試圖限制其訪問
class PhotosController < ApplicationController
def index
@photos = Photo.all
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @photos }
end
end
def show
@photo = Photo.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @photo }
end
end
def new
@photo = Photo.new
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @photo }
end
end
def edit
@photo = Photo.find(params[:id])
end
def create
upload = params[:upload]
@photo = Photo.new(params[:photo])
respond_to do |format|
if @photo.save
post = Datafile.save(upload, @photo.id)
format.html { redirect_to(@photo, :notice => 'Photo was successfully created.') }
format.xml { render :xml => @photo, :status => :created, :location => @photo }
else
format.html { render :action => "new" }
format.xml { render :xml => @photo.errors, :status => :unprocessable_entity }
end
end
end
def update
@photo = Photo.find(params[:id])
respond_to do |format|
if @photo.update_attributes(params[:photo])
format.html { redirect_to(@photo, :notice => 'Photo was successfully updated.') }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => @photo.errors, :status => :unprocessable_entity }
end
end
end
def destroy
@photo = Photo.find(params[:id])
@photo.destroy
respond_to do |format|
post = Datafile.delete(@photo.id)
format.html { redirect_to(photos_url) }
format.xml { head :ok }
end
end
protected
def authorize
end
end
但它不會限制它,可以告訴我我失蹤了什麼?定義重新從應用控制器
'helper_method'使這個方法在視圖中可用。這不會解決問題。 – 2011-05-18 12:32:40