i am trying to make the route private, the case is like this:
if user want to go 'galleries/:id'
it gonna redirect to gallery/login?id=:id
and on that gallery_login_path
html, I make a login form into to that gallery with required PIN
that form gonna trigger to URL: gallery_auth_path
, the method us like this :
def auth
@error_login
@gallery = Gallery.find_by(id: params[:gallery_id])
if @gallery.pin.nil?
redirect_to "galleries/#{@gallery.id}"
elsif @gallery.pin == params[:pin] && @gallery.expired_pin.past?
@error_login = 'PIN expired'
elsif @gallery.pin == params[:pin] && !@gallery.expired_pin.past?
redirect_to "/galleries/#{@gallery.id}"
true
else
@error_login = 'PIN not match'
end
@error_login = 'Required PIN' unless params[:pin].present?
if @error_login.present?
respond_to do |format|
@error_login
format.js {render 'galleries/error_login' , layout: false}
end
end
end
on login.html.haml
:
= form_with url: gallery_auth_path do |f|
= hidden_field_tag :gallery_id, "#{params[:id]}"
.form-group.row
= f.label :pin, class: 'col-sm-2 col-form-label text-center'
.col-sm-4.col-md-4.col-xs-4
= f.text_field :pin, class: 'form-control', placeholder: 'PIN'
.form-group
.col-sm-4
= f.submit 'Login', data: {disable_with: 'Loading...'}, class: 'btn btn-primary '
当用户输入错误的PIN时,login.html上的错误消息可以正常工作,但是当PIN正确时,则无法触发“ galleries /:id”
在我的galleries_controller中:
before_action :authenticate, only: [:show]
def login
end
def auth
// method on above
end
private
def authenticate
redirect_to "/gallery/login?id=#{params[:id]}"
end
我在这种情况下使用before_action是错误的吗?有什么办法可以纠正这种情况? 因为在用户输入正确的图钉后在图库登录表单上,它无法触发“ galleries /:id”,因为我敢打赌,
Change
params[:pin]
withparams[:gallery][:pin]
in controller method