rails 3 admin编辑另一个用户

时间:2013-09-16 06:45:13

标签: ruby-on-rails ruby admin edit

我希望管理员用户编辑其他用户。我怎样才能做到这一点?

有一个名为role的字符串属性的用户模型,可以是3件事:" admin","开发人员","客户&#34 ;。我希望管理员可以更改developers' and clients'个信息。管理员无法看到对方,因此这不会成为问题。

user.rb

class User < ActiveRecord::Base
  attr_accessible :email, :name, :password, :password_confirmation, :role, :company_id, :boss_id, :company
  belongs_to :company
  validates_inclusion_of :role, :in => ["admin", "developer", "client"], presence: true
end

index.html.erb

<table class="pretty" border="1" cellpadding="10">  
  <tr>
    <th></th>
    <th><%= sortable "name" %></th>
    <th><%= sortable "email" %></th>
    <th><%= sortable("name", "Company") %></th>
    <th></th>
    <th></th>
  </tr>  

  <% for user in @users %>  
  <tr class="<%= cycle('oddrow', 'evenrow') -%>">
    <td><%= gravatar_for user %></td>
    <td><%= link_to user.name, user %></td>
    <td><%= user.email %></td>
    <td><%= user.company.name unless user.company_id.blank? %></td>
    <td><% if (current_user.role == "admin") || ( ( (current_user.role == "developer") && !current_user?(user) ) && (user.boss_id == current_user.id) ) %>
        <%= link_to "delete", user, method: :delete,
                              data: { confirm: "You sure?" } %>
        <% end %></td>
    <td><% if (current_user.role == "admin") %>
        <%= link_to "reset password", user, method: :update %>   ###this is where admin will edit another user
        <% end %></td>
  </tr>
  <% end %>
</table>

使用此代码,当我点击reset password时,它会显示:

Routing Error

No route matches [POST] "/users/1"

编辑: config / routes.rb

SampleApp::Application.routes.draw do

  #get "confs/new"

  resources :users
  resources :sessions, only: [:new, :create, :destroy]
  resources :companies

  root   to: 'sessions#new'

  match '/home' , to: 'static_pages#home'

  match '/help' ,  to: 'static_pages#help'

  match '/about' ,  to: 'static_pages#about'

  match '/contact' , to: 'static_pages#contact'

  match '/buttons' , to: 'static_pages#buttons'

  match '/signup' , to: 'users#newuser'

  match '/signin' , to: 'sessions#new'

  match '/signout', to: 'sessions#destroy' , via: :delete

  match '/developers', to: 'users#developers'

  match '/clients', to: 'users#clients'

  match '/downloads', to: 'confs#downloads'

  match '/new_company', to: 'companies#new'

  match '/resellers', to: 'companies#resellers'

  match '/companies_own', to: 'companies#owns'

  match '/conf_new', to: 'confs#new'

  match '/conf_show_all', to: 'confs#index'

  match '/conf_show_own', to: 'confs#own'

  match '/conf_show', to: 'confs#show'

  resources :confs do
    member do
      get :download
    end
  end
end

编辑2:耙路线| grep用户

users     GET     /users(.:format)              users#index
          POST    /users(.:format)              users#create
new_user  GET     /users/new(.:format)          users#new
edit_user GET     /users/:id/edit(.:format)     users#edit
     user GET     /users/:id(.:format)          users#show
          PUT     /users/:id(.:format)          users#update
          DELETE  /users/:id(.:format)          users#destroy
   signup         /signup(.:format)             users#newuser
developers        /developers(.:format)         users#developers
  clients         /clients(.:format)            users#clients

EDIT3: users_controller.rb

class UsersController < ApplicationController
  before_filter  :signed_in_user, only:[:index, :edit, :update, :destroy]
  before_filter  :correct_user,   only:[:edit, :update]
  before_filter  :admin_user,     only:[:edit, :destroy]

  def show
    @user = User.find(params[:id])
  end

  def newuser
    @user = User.new
  end

  def create
    @user = User.new(user_params)

     if @user.save
        #sign_in @user
        flash[:success] = "Welcome to the ManusWeb!"
          redirect_to @user
     else
          render 'newuser'
     end
  end

  helper_method :sort_column, :sort_direction
  def index
    @users = User.where(:role => "client").
                  search(params[:search]).
                  order(sort_column + ' ' + sort_direction).
                  paginate(:per_page => 10, :page => params[:page])
  end

  def developers
    @users = User.where(:role => "developer").
                  search(params[:search]).
                  order(sort_column + ' ' + sort_direction).
                  paginate(:per_page => 10, :page => params[:page])
  end

  def clients
    @users = User.where(:boss_id => codevelopers.map(&:id)).
                  search(params[:search]).
                  order(sort_column + ' ' + sort_direction).
                  paginate(:per_page => 10, :page => params[:page])
  end

  def codevelopers
    @users = User.where(:company_id => current_user.company_id)
  end

  def edit

  end


  def update

    if @user.update_attributes(user_params)
      # Handle a successful update.
      flash[:success] = "Profile updated"
      sign_in @user
      redirect_to @user

    else
      render 'edit'
    end
  end

  def destroy
    User.find(params[:id]).destroy
    flash[:success] = "User deleted"
    redirect_to users_url
  end

  def client
    current_user.role == "client"
  end


  private

  def signed_in_user
    unless signed_in?
      store_location
      redirect_to signin_url, notice: "Please sign in"    
    end
  end


  def correct_user
    @user = User.find(params[:id])  
    redirect_to root_url, notice: "You are not authorized to request this page"  unless current_user?(@user)

  end

  def admin_user
    redirect_to(root_path) unless (current_user.role == "admin")
  end

  def sort_column
    (( User.column_names.include?(params[:sort]) ) || ( Company.column_names.include?(params[:sort]) )) ? params[:sort] : "name"
  end

  def sort_direction
    %w[asc desc].include?(params[:direction]) ? params[:direction] : "asc"
  end

  def user_params
    params.require(:user).permit( :email, :name, :password, :password_confirmation, :role, :company_id, :boss_id ) if params[:user]
  end

end

4 个答案:

答案 0 :(得分:6)

更改重置密码&#39;链接到以下内容:

<%= link_to "reset password", edit_user_path(user) %>

correct_user方法更改为以下内容:

def correct_user
    @user = User.find(params[:id])  
    redirect_to root_url, notice: "You are not authorized to request this page"  unless current_user.role == "admin" or current_user?(@user)
end

答案 1 :(得分:2)

:role attr_accessible是不好的。

在UsersController中:

before_filter :accessible, only: [:create, :update]

private
def accessible
  @user.accessible << :role if can? :assign_role, @user # or use your condition
end

在用户模型中:

attr_writer :accessible

def accessible
  @accessible ||= []
end

private

  def mass_assignment_authorizer(arg)
    super + accessible
  end

答案 2 :(得分:2)

运行rake路由并找到帮助网址来编辑用户,我认为链接标记应该是

<%= link_to 'Reset Password', edit_user_path(user) %>

答案 3 :(得分:0)

我确定link_to应该是 _path _url

<%= link_to "reset password", edit_user_path(user)%>