我希望管理员用户编辑其他用户。我怎样才能做到这一点?
有一个名为role
的字符串属性的用户模型,可以是3件事:" admin","开发人员","客户&#34 ;。我希望管理员可以更改developers' and clients'
个信息。管理员无法看到对方,因此这不会成为问题。
user.rb
class User < ActiveRecord::Base
attr_accessible :email, :name, :password, :password_confirmation, :role, :company_id, :boss_id, :company
belongs_to :company
validates_inclusion_of :role, :in => ["admin", "developer", "client"], presence: true
end
index.html.erb
<table class="pretty" border="1" cellpadding="10">
<tr>
<th></th>
<th><%= sortable "name" %></th>
<th><%= sortable "email" %></th>
<th><%= sortable("name", "Company") %></th>
<th></th>
<th></th>
</tr>
<% for user in @users %>
<tr class="<%= cycle('oddrow', 'evenrow') -%>">
<td><%= gravatar_for user %></td>
<td><%= link_to user.name, user %></td>
<td><%= user.email %></td>
<td><%= user.company.name unless user.company_id.blank? %></td>
<td><% if (current_user.role == "admin") || ( ( (current_user.role == "developer") && !current_user?(user) ) && (user.boss_id == current_user.id) ) %>
<%= link_to "delete", user, method: :delete,
data: { confirm: "You sure?" } %>
<% end %></td>
<td><% if (current_user.role == "admin") %>
<%= link_to "reset password", user, method: :update %> ###this is where admin will edit another user
<% end %></td>
</tr>
<% end %>
</table>
使用此代码,当我点击reset password
时,它会显示:
Routing Error
No route matches [POST] "/users/1"
编辑: config / routes.rb
SampleApp::Application.routes.draw do
#get "confs/new"
resources :users
resources :sessions, only: [:new, :create, :destroy]
resources :companies
root to: 'sessions#new'
match '/home' , to: 'static_pages#home'
match '/help' , to: 'static_pages#help'
match '/about' , to: 'static_pages#about'
match '/contact' , to: 'static_pages#contact'
match '/buttons' , to: 'static_pages#buttons'
match '/signup' , to: 'users#newuser'
match '/signin' , to: 'sessions#new'
match '/signout', to: 'sessions#destroy' , via: :delete
match '/developers', to: 'users#developers'
match '/clients', to: 'users#clients'
match '/downloads', to: 'confs#downloads'
match '/new_company', to: 'companies#new'
match '/resellers', to: 'companies#resellers'
match '/companies_own', to: 'companies#owns'
match '/conf_new', to: 'confs#new'
match '/conf_show_all', to: 'confs#index'
match '/conf_show_own', to: 'confs#own'
match '/conf_show', to: 'confs#show'
resources :confs do
member do
get :download
end
end
end
编辑2:耙路线| grep用户
users GET /users(.:format) users#index
POST /users(.:format) users#create
new_user GET /users/new(.:format) users#new
edit_user GET /users/:id/edit(.:format) users#edit
user GET /users/:id(.:format) users#show
PUT /users/:id(.:format) users#update
DELETE /users/:id(.:format) users#destroy
signup /signup(.:format) users#newuser
developers /developers(.:format) users#developers
clients /clients(.:format) users#clients
EDIT3: users_controller.rb
class UsersController < ApplicationController
before_filter :signed_in_user, only:[:index, :edit, :update, :destroy]
before_filter :correct_user, only:[:edit, :update]
before_filter :admin_user, only:[:edit, :destroy]
def show
@user = User.find(params[:id])
end
def newuser
@user = User.new
end
def create
@user = User.new(user_params)
if @user.save
#sign_in @user
flash[:success] = "Welcome to the ManusWeb!"
redirect_to @user
else
render 'newuser'
end
end
helper_method :sort_column, :sort_direction
def index
@users = User.where(:role => "client").
search(params[:search]).
order(sort_column + ' ' + sort_direction).
paginate(:per_page => 10, :page => params[:page])
end
def developers
@users = User.where(:role => "developer").
search(params[:search]).
order(sort_column + ' ' + sort_direction).
paginate(:per_page => 10, :page => params[:page])
end
def clients
@users = User.where(:boss_id => codevelopers.map(&:id)).
search(params[:search]).
order(sort_column + ' ' + sort_direction).
paginate(:per_page => 10, :page => params[:page])
end
def codevelopers
@users = User.where(:company_id => current_user.company_id)
end
def edit
end
def update
if @user.update_attributes(user_params)
# Handle a successful update.
flash[:success] = "Profile updated"
sign_in @user
redirect_to @user
else
render 'edit'
end
end
def destroy
User.find(params[:id]).destroy
flash[:success] = "User deleted"
redirect_to users_url
end
def client
current_user.role == "client"
end
private
def signed_in_user
unless signed_in?
store_location
redirect_to signin_url, notice: "Please sign in"
end
end
def correct_user
@user = User.find(params[:id])
redirect_to root_url, notice: "You are not authorized to request this page" unless current_user?(@user)
end
def admin_user
redirect_to(root_path) unless (current_user.role == "admin")
end
def sort_column
(( User.column_names.include?(params[:sort]) ) || ( Company.column_names.include?(params[:sort]) )) ? params[:sort] : "name"
end
def sort_direction
%w[asc desc].include?(params[:direction]) ? params[:direction] : "asc"
end
def user_params
params.require(:user).permit( :email, :name, :password, :password_confirmation, :role, :company_id, :boss_id ) if params[:user]
end
end
答案 0 :(得分:6)
更改重置密码&#39;链接到以下内容:
<%= link_to "reset password", edit_user_path(user) %>
将correct_user
方法更改为以下内容:
def correct_user
@user = User.find(params[:id])
redirect_to root_url, notice: "You are not authorized to request this page" unless current_user.role == "admin" or current_user?(@user)
end
答案 1 :(得分:2)
:role
attr_accessible是不好的。
在UsersController中:
before_filter :accessible, only: [:create, :update]
private
def accessible
@user.accessible << :role if can? :assign_role, @user # or use your condition
end
在用户模型中:
attr_writer :accessible
def accessible
@accessible ||= []
end
private
def mass_assignment_authorizer(arg)
super + accessible
end
答案 2 :(得分:2)
运行rake路由并找到帮助网址来编辑用户,我认为链接标记应该是
<%= link_to 'Reset Password', edit_user_path(user) %>
答案 3 :(得分:0)
我确定link_to应该是 _path 或 _url
<%= link_to "reset password", edit_user_path(user)%>