Why can I NOT access an action for a controller that I leave out of filter_access_to statement in Rails 3?
I am using declarative_authorization and I have the following in a controller:
filte开发者_开发技巧r_access_to :index, :new, :edit, :step, :create, :update, :destroy
There are two actions left out. :show, :compare
. However, when I go to the URL for either of those actions, it sends me to the login screen.
Why is this ?
Shouldn't the actions that were left out, allow me to see it when I am not logged in, given that there are no other filters on that controller (except for maybe anything inherited from the ApplicationsController) ?
That shouldn't have to do with declarative_authorization ... thats Devise's (or whatever your authentication mechanism is) domain. Instead, modify the before_filter that checks if the user is authenticated to include an exception for the action(s) you want skipped.
eg. change before_filter :authenticate_user!
to before_filter :authenticate_user!, :except=>[:public_action, :other_public_action]
.
Also, if your before_filter is set inside your application controller, you can just override it inside of the controller you want to have the exception(s) and make the mods there.
精彩评论