Adding authentication constraint with Devise
I'm working on a Rails 3.1 application with Devise for the authentication part. In my application, I have sites and users, with users having access only to some sites (defined at the user's creation). What I'm trying to do is that at sign in, in addition to provide email and password, the user must choose a site and the sign in succeeds only if the chosen site is one of the sites the user has access to. In order to do that, what I did is overriding the Devise::SessionsController like this:
class SessionsController < Devise::SessionsController
def create
user = User.find_by_email params[:user][:email]
site = Site.find_by_id params[:user][:site_id]
if user && user.can_access_site?(site)
super
if user_signed_in?
user_session[:site_id] = site.try(:id)
end
else
redirect_to new_user_session_path, :alert => t('devise.failure.invalid')
end
end
end
But it doesn't work: the user authentication seems to have already been done (i.e. @current_user is set) before my call to super. Any idea how I could achieve what I'm trying to do? 开发者_JAVA百科Thx!
精彩评论