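【Posted】: 2019-06-14 08:01:41
【Problem description】:
I have installed Active Admin, Devise and CanCan, and configured the CanCan adapter (following the instructions on the Active Admin wiki). The problem I'm running into is that when a user logs out, the system does not redirect correctly to the login page. It seems to go into an infinite redirect loop, i.e. Safari shows "Too many redirects" and "Cannot open the page". This happens indefinitely until I stop/start the server and clear the cache/cookies to kill any active cookie sessions.
My system has two admin levels: "basic_admin" and "super_admin". All valid users should have access to the Active Admin back end (there is no front end - it is a data-driven dashboard system).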
routes.rb:
devise_for :users, ActiveAdmin::Devise.config
ActiveAdmin.routes(self)
active_admin.rb:
config.authentication_method = :authenticate_user!
config.authorization_adapter = ActiveAdmin::CanCanAdapter
config.on_unauthorized_access = :access_denied
config.current_user_method = :current_user
config.authorization_adapter = ActiveAdmin::CanCanAdapter
config.on_unauthorized_access = :access_denied
config.cancan_ability_class = 'Ability'
config.logout_link_path = :destroy_user_session_path
config.filter_attributes = [:encrypted_password, :password, :password_confirmation]
config.localize_format = :long
ability.rb:
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new
    # Standard permissions for all users (basic and super admins)
    can :read, ActiveAdmin::Page, :name => 'Dashboard'
    can :manage, ServiceUser
    can :manage, SupportSession, support_worker_id: user.support_worker_id
    can :create, SupportSession
    can :manage, User, id: user.id # Can manage only their own account
    if user.role == 'super_admin' # Extra permissions for super admins
      can :manage, :all
    end
  end
end
Console log (rails server terminal):
Started GET "/admin/login" for ::1 at 2019-06-14 08:43:23 +0100
Processing by ActiveAdmin::Devise::SessionsController#new as HTML
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)
【Discussion】:
Tags: ruby-on-rails devise ruby-on-rails-5 activeadmin cancan