0
迈克·哈特对添加授权教程中介绍的下面的代码(link原来的代码清单)。为什么方法update
致电sign_in @user
。这对我来说似乎是多余的,因为before_filter :correct_user
应该保证客户端已登录,因为方法correct_user
中的current_user?(@user)
。更新授权(Ruby on Rails的教程)
class UsersController < ApplicationController
before_filter :signed_in_user, only: [:edit, :update]
before_filter :correct_user, only: [:edit, :update]
.
.
.
def edit
end
def update
if @user.update_attributes(params[:user])
flash[:success] = "Profile updated"
sign_in @user
redirect_to @user
else
render 'edit'
end
end
.
.
.
private
def signed_in_user
redirect_to signin_url, notice: "Please sign in." unless signed_in?
end
def correct_user
@user = User.find(params[:id])
redirect_to(root_path) unless current_user?(@user)
end
end
啊,你是对的。在用户模型保存后,我忘记了remember_token的更改。 – user782220 2013-04-06 00:28:22