I have a functioning rails app with devise Admins and Users, and I want to create a secure way that will only allow users with specific IDs to become authorized to become admins. Currently, I have a static link that is not very secure that will make the current user an admin(website.com/make_admin), but I want to find the most secure method to turn specific users into administrators (I am open to all options that could accomplish this). What would be the best way for me to do this?
答案 0 :(得分:0)
I'd recommend adding an admin field to the user form to select if they're an admin user, but do a check in the update/create actions on your users controller to check if the current_user (if using Devise) is another admin user (or whatever role type they need to be to update other admin permissions).
You would also probably want to do a check to make sure they can't set themselves as admin=false, otherwise you could end up with no admin users left on the site and no-one with permission to change this. That said, depending on the app you could always just manually manage admin users - my company will do this depending on the client and their needs.
答案 1 :(得分:0)
答案 2 :(得分:0)
您可以在用户模型中添加一个管理员布尔值,然后通过Rails控制台对其进行更新
rails g migration add_admin_to_users admin:boolean