在rails控制器中的公共位置进行操作之前
我有两个基本控制器类,一个用于JSON资源API,另一个是应用程序控制器API类。我必须在操作之前添加权限检查,这对于两个基类都适用。
我不想重复之前的动作代码,所以想添加在共同的地方。如果我检查祖先,那么我就不会看到他们之间有任何rails默认的公共类。
有什么建议吗?我还希望当前用户在上下文中。解决这个问题的好办法是什么?
class BaseResourceController < JSONAPI::ResourceController
before_action :check_permissions
def check_permissions
current_user.permissions
end
end
class ApplicationController < ActionController::API
before_action :check_permissions
def check_permissions
current_user.permissions
end
endActionController::API.ancestors => ActionController:API,Devise:控制器::UrlHelpers,设计:控制器:帮助者,设计:控制器:存储,设计:控制器::SignInOut,ActiveRecord:Railties:ControllerRuntime,ActionDispatch::Routing::RouteSet::MountedHelpers,ActionController::RespondWith,ActionController::ParamsWrapper,ActionController::ParamsWrapper,ActionController,ActionController:检测,ActionController,ActionController::ForceSSL,抽象控制器::回调,ActiveSupport::回调,ActionController::StrongParameters,ActiveSupport::All,ActionController:BasicImplicitRender,ActionController:Controller:ConditionalGet:ActionController::呈现器,ActionController::呈现,ActionController:ApiRendering,ActionController::Redirecting,ActiveSupport::Benchmarkable,ActionController::Logger,ActionController::UrlFor,ActionDispatch:Routing:Routing:UrlFor,ActionDispatch::PolymorphicRoutes,抽象控制器:呈现,ActionView::视图,ActionController::金属化,抽象控制器::Base,ActiveSupport::ActiveSupport::ToJsonWithActiveSupportEncoder,加载对象,PP:ObjectMixin:依赖关系::可实现,ActiveJSON::Ext::Generator::GeneratorMethods::Object,:UrlFor: Kernel : BasicObject
JSONAPI::ResourceController.ancestors => JSONAPI::ResourceController,JSONAPI:回调,JSONAPI::ActsAsResourceController,ActionController:Base: ActionDispatch::Routing::RouteSet::MountedHelpers,:UrlHelpers,Devise:Controller:Helper,Devise:控制器:控制器:StoreLocation: ActionController::HttpAuthentication::Token::ControllerMethods,ActionController::HttpAuthentication::Digest::ControllerMethods,ActionController::HttpAuthentication::Basic::ControllerMethods,:SignInOut,ActiveRecord::Railties::ControllerRuntime,ParamsWrapper::RespondWith,ActionController:ParamsWrapper,ActionControllerActionController:流,ActionController::ForceSSL,ActionController:RequestForgeryProtection,AbstractController:回调,ActiveSupport:回调,ActionController::FormBuilder,ActionController:Flash,ActionController:Cookie,ActionController:ParameterEncoding,ActionController:StrongParameters,ActiveSupport::ActionController::ImplicitRender,ActionController:BasicImpl时Renderers,ActionController::MimeResponds,抽象控制器::高速缓存,动作控制器:缓存:ConfigMethods缓存:ActionController:Cookies:EtagWithFlash:ActionController:ActionController::呈现,ActionView::Layout,ActionView::呈现,ActionController::Redirecting,ActiveSupport::Benchmarkable,AbstractController::Logger,ActionController::UrlFor,ActionController::UrlFor,ActionView:路由:UrlFor,ActionDis修补程序:ActionView::Routing::PolymorphicRoutes,ActionController::Helpers,AbstractController::ActiveSupport,AbstractController::AssetPath,AbstractController::平移,抽象操作::呈现,ActionView::ActionController::Metal,ActionController:Base,ActiveSupport::Object,ActiveSupport::ToJsonWithActiveSupportEncoder,:PP:Metal,RoutingJSON::Ext::Generator::GeneratorMethods::Object,ActiveSupport::Tryable,Kernel,BasicObject
回答 1
Stack Overflow用户
发布于 2018-04-04 08:04:03
一个选项是将权限检查逻辑封装到一个模块中,并将该模块包含在相应的控制器中。权限检查实现驻留在单个文件中。
# app/controllers/concerns/permission_check.rb
module PermissionCheck
extend ActiveSupport::Concern
included do
before_action :check_permissions
end
def check_permissions
current_user.permissions
end
end现在,将它包含在控制器中,只要它需要。
class BaseResourceController < JSONAPI::ResourceController
include PermissionCheck
end
class ApplicationController < ActionController::API
include PermissionCheck
endhttps://stackoverflow.com/questions/49645013
复制相似问题
腾讯云开发者
