问题描述
我遵循了这个,了解如何让管理员批准新用户。我的 User 模型上有一个 approved 属性,它是一个布尔值。
I followed this link to figure out how to have an admin approve a new user. I have an approved attribute on my User model that is a boolean.
2个问题-1)当我以管理员身份登录并通过 link_to Edit,edit_user_path(user )更改批准的用户-该网址适用于正确的用户,但更新操作会尝试更新当前的管理员用户。
2 problems - 1) when I'm logged in as admin and go to the edit user via the link_to "Edit", edit_user_path(user) to change approved user - the url is for the correct user but then the update action tries to update the current admin user.
2)我希望覆盖所需的当前密码,因此我在 Registration 控制器中放置了一个方法,以在下面执行此操作,但出现此错误:
2) I would prefer to have the override of the needed current password so I've put a method in the Registrations controller to do this below but get this error:
错误:用户的未知属性'current_password'。
不会覆盖 current_password 并且不会更新正确的非管理员用户-
我在哪里出问题了?
So it won't override the current_password and it won't update the correct non-admin user -Where am I going wrong?
class Ability
include CanCan::Ability
def initialize(user)
current_user ||= User.new # guest user (not logged in)
if current_user.admin == true
can :manage, :all
else
can :manage, User, id: user.id
end
end
end
路线
Rails.application.routes.draw do
devise_for :users, controllers: { registrations: 'registrations' }
resources :users
end
控制器
class RegistrationsController < Devise::RegistrationsController
def update_resource(resource, params)
resource.update_without_password(params) if current_user.admin == true
end
end
推荐答案
我花了很多时间试图解决这个问题,但没有找到在线上有任何权威的端到端完整示例,因此将所有内容都放在下面,以便RoR / Devise的任何新用户都不会遇到相同的问题。
I spent a lot of time trying to solve this and didn't find any definitive, end-to-end complete examples online so I'm putting everything below so any new users to RoR/Devise hopefully won't have same problems.
假设 Devise 在 User 模型中。
确保相应地设置了Cancancan。类似于以下内容:
Assuming Devise is on the User model.Ensure your Cancancan is setup accordingly. Something similar to this:
models / ability.rb
models/ability.rb
class Ability
include CanCan::Ability
def initialize(user)
# Define abilities for the passed in user here. For example:
#
current_user ||= User.new # guest user (not logged in)
if current_user.admin
can :manage, :all
else
can :manage, User, id: user.id
end
end
end
遵循
他提到有一个仅管理员可访问页面。如果有人不确定该怎么做:
He mentions have an 'admin-accessible only' page. In case someone's not sure how to do this:
class UsersController < ApplicationController
before_action :admin?, only: :index
def index
if params[:approved] == false
@users = User.where(approved: false)
else
@users = User.all
end
end
private
def admin?
redirect_to '/login' unless current_user.admin == true
end
end
替换此行(我在链接中使用.erb而不是.haml)%td = link_to Edit,edit_user_path(user):
<%=用户批准的%>
Replace this line (I use .erb not .haml as he does in the link) %td= link_to "Edit", edit_user_path(user) with this: <%= User.approved %>
<td>
<% if !User.approved %>
<%= link_to "Approve User", user_path(:id => user.id, "user[approved]" => true), :method => :patch, class: "btn btn-success" %>
<% else %>
<%= link_to "Unapprove User", user_path(:id => user.id, "user[approved]" => false), :method => :patch, class: "btn btn-danger" %>
<% end %>
</td>
这实际上是一个按钮,单击该按钮将批准用户,反之亦然。使我困扰了几天的关键是:a)您必须确保您的表单(在这种情况下, link_to 会击中Users控制器,而不是 RegistrationsController#update 方法。
This essentially gives you a button that when clicked, will approve the user and visa-versa. The key here that tripped me up for days is that a) You have to ensure that your form (in this case, the link_to hits the Users controller and NOT the RegistrationsController#update method.
我知道一些在线链接给出了创建 Registration
I know some online links gave instructions to create a Registrations model and changing routes, overriding models, etc.
老实说,我的最终解决方案不需要这些,希望对您有所帮助!
Honestly, my final solution didn't need any of that. Hope this helps!
这篇关于用户的管理员更改批准状态-Rails + Devise + Cancancan的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!