Dragonfly and RefineryCMS resources authentification
28 views
Skip to first unread message
Boris
Feb 13, 2012, 4:48:07 AM2/13/12
to Dragonfly
Hi,
I would like to control resource access based on Devise user
authentification. I am aware of Dragonfly's option to override
responses:
app.configure do |c|
c.server.before_serve do |job, env|
throw :halt, [200, {'Content-type' => 'text/plain'}, ['hello']]
end
end
However, I am unsure how to use this hook in order to apply a session-
based access control.
I have tried the following paths:
1. Getting hold of the current user within the before_serve callback
(env, Thread), without success.
2. Putting a new rack middleware in front of the Dragonfly rack. This
seemed unfavorable as it affected any http request and thus the
overall performance of the application. Further, I have not managed to
disable caching of Dragonfly assets which rendered the authentication
rack pointless.
3. I added a new route which handled the authentication in the
controller before redirecting to the original Dragonfly resource.
However, I could not prevent the original route from being still
publicly accessible which again rendered the authentication step
useless.
I am a little desperate with this would appreciate any useful hint in
this matter.
Thanks,
Boris
I would like to control resource access based on Devise user
authentification. I am aware of Dragonfly's option to override
responses:
app.configure do |c|
c.server.before_serve do |job, env|
throw :halt, [200, {'Content-type' => 'text/plain'}, ['hello']]
end
end
However, I am unsure how to use this hook in order to apply a session-
based access control.
I have tried the following paths:
1. Getting hold of the current user within the before_serve callback
(env, Thread), without success.
2. Putting a new rack middleware in front of the Dragonfly rack. This
seemed unfavorable as it affected any http request and thus the
overall performance of the application. Further, I have not managed to
disable caching of Dragonfly assets which rendered the authentication
rack pointless.
3. I added a new route which handled the authentication in the
controller before redirecting to the original Dragonfly resource.
However, I could not prevent the original route from being still
publicly accessible which again rendered the authentication step
useless.
I am a little desperate with this would appreciate any useful hint in
this matter.
Thanks,
Boris
Reply all
Reply to author
Forward
0 new messages