Class: ZenAdmin::SessionsController

Inherits:
ApplicationController
Defined in:
app/controllers/zen_admin/sessions_controller.rb

Instance Method Summary

Methods inherited from ApplicationController

#pundit_user, zen_admin_dashboard

Methods included from ApplicationHelper

#current_sort_direction, #menu_item_visible?, #rails_blob_path, #rails_blob_url, #rails_representation_path, #rails_representation_url, #rails_storage_proxy_path, #rails_storage_proxy_url, #sort_url, #zen_highlight

Instance Method Details

#create ⇒ Object



# File 'app/controllers/zen_admin/sessions_controller.rb', line 9

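# POST — authenticates the submitted username/password and opens an admin session.
#
# Two modes, chosen by ZenAdmin.configuration.rbac_enable together with the
# presence of the zen_admin_users table:
#   * RBAC mode: the credentials are checked against ZenAdmin::User only; the
#     hard-coded configuration credentials are never consulted, so enabling RBAC
#     cannot leave a second (static) login path open.
#   * Basic mode: the credentials are compared with ZenAdmin.configuration.username
#     / .password and the session is tagged with the "config_admin" sentinel.
#
# On success the session is reset before the user id is stored, so a session id
# fixed by an attacker before login is not carried over. On failure the form is
# re-rendered with one generic message and a 422 status for both modes; the
# message does not reveal whether the username exists.
#
# NOTE(review): there is no attempt throttling here — rate limiting of this
# action (or of failed logins per username) would have to live in a
# before_action or at the web-server layer; confirm what the host app provides.
#
# @return [void] renders :new or redirects to root_path
def create
  # Coerce to String so a non-scalar param cannot reach find_by / authenticate /
  # secure_compare (each of which expects a String).
  username = params[:username].to_s
  password = params[:password].to_s

  # 1. RBAC enabled and the user table exists: database verification only.
  if ZenAdmin.configuration.rbac_enable && ActiveRecord::Base.connection.table_exists?("zen_admin_users")
    user = ZenAdmin::User.find_by(username: username)
    if user&.authenticate(password)
      # Rotate the session id on privilege change (session fixation defence).
      reset_session
      session[:zen_admin_user_id] = user.id
      return redirect_to root_path, notice: "欢迎回来,#{user.username}!"
    end

    # RBAC is on and the database check failed: do NOT fall through to the
    # hard-coded credentials (that would be a backdoor). A mixed mode is not
    # implemented; strict security first.
    flash.now[:alert] = "用户名或密码错误"
    return render :new, status: :unprocessable_entity
  end

  # 2. RBAC disabled: hard-coded credentials from the configuration.
  # Refuse to authenticate against an empty configured password: with a plain
  # `==` comparison a missing configuration password (nil) matched a missing
  # params[:password] (nil) and logged the request in. secure_compare keeps the
  # comparison time independent of how many leading characters match.
  configured_password = ZenAdmin.configuration.password.to_s
  credentials_match =
    !configured_password.empty? &&
    ActiveSupport::SecurityUtils.secure_compare(username, ZenAdmin.configuration.username.to_s) &&
    ActiveSupport::SecurityUtils.secure_compare(password, configured_password)

  if credentials_match
    reset_session
    session[:zen_admin_user_id] = "config_admin"
    redirect_to root_path, notice: "登录成功(基础模式)"
  else
    flash.now[:alert] = "用户名或密码错误"
    render :new, status: :unprocessable_entity
  end
end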

#destroy ⇒ Object



# File 'app/controllers/zen_admin/sessions_controller.rb', line 35

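# DELETE — signs the current admin out.
#
# The whole session is dropped with reset_session (which also issues a fresh
# session id) instead of only clearing :zen_admin_user_id, so no other
# per-login state survives logout and the old session id cannot be replayed.
# The notice is attached after the reset, so it is not lost with the old session.
#
# NOTE(review): the rendered page dropped the first argument of redirect_to on
# this line (`redirect_to , notice:` is not valid Ruby); root_path — the target
# #create already redirects to — is substituted here. Confirm against the
# source file.
#
# @return [void] redirects after clearing the session
def destroy
  reset_session
  redirect_to root_path, notice: "已安全退出"
end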

#new ⇒ Object



# File 'app/controllers/zen_admin/sessions_controller.rb', line 6

# GET — the login form.
#
# The action has no body and returns nil; presumably it relies on the
# framework's implicit rendering of the `new` template (not visible here —
# confirm). Kept explicit so the route maps to a visible action.
#
# @return [nil]
def new; end