我陷入了非常奇怪的境地。我正在使用Devise并且不能确定这两个是否在我的挫折中发挥作用。所以我有一个具有父子关系的用户模型。
class User < ActiveRecord::Base
has_many :child_users, :class_name => "User",:foreign_key => "parent_id", :dependent => :destroy
belongs_to :parent, :class_name => "User"
end
当我删除子项时,我能够成功完成,但当我删除父用户时,我会重定向到根页面,说“您无权访问此页面”。这是我删除子用户时的代码
<h1>Users</h1>
<table class="table table-striped">
<thead>
<tr>
<th>Email</th>
</tr>
</thead>
<tbody>
<% @users.each do |user| %>
<tr>
<td><%= user.email %></td>
<td>
<%= link_to 'Show', user_path(user), :class => 'btn btn-mini' %>
<%= link_to 'Edit', edit_user_path(user), :class => 'btn btn-mini' %>
<%= link_to 'Destroy', user_path(user), :method => :delete, :confirm => 'Are you sure?', :class => 'btn btn-mini btn-danger' %>
<%= link_to "Categories", {:controller => "levels", :id => user.id },:class => 'btn btn-mini'%>
</td>
</tr>
<% end %>
</tbody>
</table>
<%= link_to "Add Sub Child", {:controller => "users", :action => "sub_child", :parent_id => current_user.id },:class => 'btn'%>
以下代码用于删除父用户
<h1>User</h1>
<p></p>
<table width="40%">
<tr>
<td><b>Email</b></td>
<td><%= @user.email %></td>
</tr>
</table>
<div class="form-actions">
<%= link_to 'Edit', edit_user_path(@user), :class => 'btn' %>
<%= link_to 'Delete', user_path, :method => :delete, :confirm => 'Are you sure?', :class => 'btn btn-danger' %>
</div>
用户控制器
class UsersController < ApplicationController
before_filter :authenticate_user!
load_and_authorize_resource
respond_to :html, :json, :xml
def show
@user = User.find(params[:id])
respond_with @user
end
def new
@user = User.new
RAILS_DEFAULT_LOGGER.error '***** JLD Message *****'
end
def index
respond_with(@users = current_user.child_users)
end
def edit
@user = User.find(params[:id])
end
def create
@user = User.new(params[:user])
if @user.save
flash[:notice] = "#{ @user.email } created."
redirect_to users_path
else
render :action => 'new'
end
end
def destroy
@user = User.find(params[:id])
@user.destroy
respond_to do |format|
format.html { redirect_to users_url }
format.json { head :no_content }
end
end
def update
@user = User.find(params[:id])
respond_to do |format|
if @user.update_attributes(params[:user])
format.html { redirect_to @user, notice: 'User was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
end
class ApplicationController < ActionController::Base
protect_from_forgery
rescue_from CanCan::AccessDenied do |exception|
redirect_to root_url, :alert => exception.message
end
end
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
# if user.admin?
# can :manage, :all
#else
can [:read, :update], User, :id => user.id
can :manage, User, :parent_id => user.id
#end
end
end
非常感谢任何建议。 感谢
答案 0 :(得分:2)
您在删除链接中忘记了@user
<%= link_to 'Delete', user_path(@user), :method => :delete, :confirm => 'Are you sure?', :class => 'btn btn-danger' %>
答案 1 :(得分:0)
我明白了。在能力模型之前说
can [:read, :update], User, :id => user.id
现在有了这个改变
can :manage, User, :id => user.id
我可以删除父用户。当你要求能力模型给我指导时,感谢juanpastas。