如何在ruby on rails上由管理员管理用户

时间:2016-03-20 08:22:00

标签: ruby-on-rails ruby-on-rails-3 ruby-on-rails-4 ruby-on-rails-3.2

我如何以管理员身份管理和编辑其他用户个人资料,因为我有一个模型和控制器(用户)?

我尝试添加一个名为updateusers的新操作

def updateusers
    @other_user=User.find(params[:id])
    if @other_user.update_attributes(otherusers_params) 
            redirect_to '/' 
    else
            redirect_to '/manage'
   end
end
  

问题在于:它正在使用other_user更新我的管理员用户   数据

堆栈跟踪 

    Started GET "/manage" for ::1 at 2016-03-19 21:06:08 +0300 Processing by
     UsersController#manage as HTML User Load (1.0ms) SELECT "users".* FROM 
"users" Rendered users/manage.html.erb within layouts/application (5.0ms) User 
Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 
[["id", 1]] Completed 200 OK in 53ms (Views: 51.0ms | ActiveRecord: 1.0ms)


    'Started GET "/users/10" for ::1 at 2016-03-19 21:06:10 +0300 Processing by 
UsersController#show as HTML Parameters: {"id"=>"10"} User Load (0.0ms) SELECT 
"users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]] Rendered 
users/show.html.erb within layouts/application (0.0ms) User Load (0.0ms) SELECT 
"users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]] Completed 200 
OK in 37ms (Views: 36.0ms | ActiveRecord: 0.0ms)


    Started GET "/editusers/10" for ::1 at 2016-03-19 21:06:11 +0300 Processing 
by UsersController#editusers as HTML Parameters: {"id"=>"10"} User Load (0.0ms) 
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]] 
Rendered users/editusers.html.erb within layouts/application (4.0ms) User Load 
(1.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]] 
Completed 200 OK in 41ms (Views: 39.0ms | ActiveRecord: 1.0ms)


    Started PATCH "/users/10" for ::1 at 2016-03-19 21:06:15 +0300 Processing by 
UsersController#update as HTML Parameters: {"utf8"=>"✓", 
"authenticity_token"=>"6M1TGLQUEhiezCCg9/rT5IofdroMiQ0sm+bYcihgGDxTjDdFGU2Riou2p‌​
cRk5ncjCtFDGwfBj17Uq7gc0u329w==", "user"=>{"first_name"=>"g", "last_name"=>"g", 
"email"=>"g@g.g", "role"=>"editor", "image"=>"pic.png", "admins"=>""}, 
"other"=>"update", "id"=>"10"} User Load (0.0ms) SELECT "users".* FROM "users" 
WHERE "users"."id" = ? LIMIT 1 [["id", 1]] Unpermitted parameters: role, admins


    (0.0ms) begin transaction SQL (1.0ms) UPDATE "users" SET "first_name" = ?, 
"last_name" = ?, "email" = ?, "updated_at" = ? WHERE "users"."id" = ? 
[["first_name", "g"], ["last_name", "g"], ["email", "g@g.g"], ["updated_at", 
"2016-03-19 18:06:15.488284"], ["id", 1]] (47.0ms) commit transaction Redirected 
to localhost:8080/profile Completed 302 Found in 54ms (ActiveRecord: 48.0ms)

2 个答案:

答案 0 :(得分:0)

" editusers"中表单的用户ID设置为您的管理员(或登录用户)。没有看到代码就很难说,但我认为您已经错误地设置了editusers表单。也许使用隐藏字段来保存要更新的用户的ID。

尽量避免这种情况,并在“编辑器”中设置@user对象。行动@user = User.find(10) 然后在您的视图中使用form_for @user do |f|而不使用ID的任何隐藏字段。

答案 1 :(得分:0)

10天后,是的,我做了 - 解决方案是以提交的名义,我将这两个提交命名为不同的名称<%= f.submit“update”,名称:“其他”%>然后我使用了像这样的更新动作

def update 
    if params[:current]
       @user = current_user
       if @user.update_attributes(user_params)
          redirect_to '/profile'
       else 
          redirect_to '/edit'
       end 

     elsif params[:other]
         @other_user=User.find(params[:id])
         if @other_user.update_attributes(otherusers_params)
            redirect_to '/'
          else 
             redirect_to '/manage'
          end 
     end 

end
相关问题
最新问题