0

devise の rails generator を使用して 3 つの異なるロール (ユーザー、管理者、マネージャー) を作成しました。それらは異なるテーブルとモデルに格納されています...

誰かが同じセッション中に 2 つの異なるロールにログインすることを禁止するにはどうすればよいですか?

4

1 に答える 1

0

When a user tries to log in you can verify he isn't logged in as another role. To do that you will have to override devise SessionsController. It is explained here for RegistrationsController but the same can be done with SessionsController. Next add a before filter to your new SessionsController:

before_filter :require_not_authenticated_in_other_scopes, :only => [:new, :create]

Then just implement the filter in the controller:

def require_not_authenticated_in_other_scopes
  other_types = [:user, :admin, :manager] - [resource_name]
  other_types.each do |type|
    if self.send("#{type}_signed_in?") 
      resource = warden.user(type)
      redirect_to after_sign_in_path_for(resource)
    end
  end
end

I've taken parts of the implementations from Devise's SessionsController itself you can find it in their GitHub repository.

于 2012-10-31T14:22:06.260 に答える