rails_admin在控制器中设置current_user

时间:2014-02-25 22:38:18

标签: ruby-on-rails rails-admin

我有一个事件模型:

class Event < ActiveRecord::Base
  belongs_to :author, class_name: 'User'
end

我可以输入控制台:

e=Event.last
e.author

在rails_admin中创建新事件时,我不想在表单中显示author_id字段。我想在控制器中设置这样的东西:

@e=Event.new(params)
@e.author_id=current_user.id
@e.save

可以在rails_admin中执行吗?

我在官方维基中找到了这个document,但是我不想使用cancan能力而且我不想在author_id字段中设置一个隐藏字段,因为这样会很危险安全性,事实上POST请求可以使用自定义author_id覆盖。 我想简单地在控制器中分配author_id。 有可能吗?

2 个答案:

答案 0 :(得分:6)

我没有找到干净的方法在rails_admin中执行此操作。这是一个未解决的问题:https://github.com/sferik/rails_admin/issues/1855

这可能不是最佳选择,但您可以在create action中覆盖全局逻辑。看看它是如何工作的:https://github.com/sferik/rails_admin/blob/master/lib/rails_admin/config/actions/new.rb

有一个register_instance_option :controller块。这意味着您可以通过配置传递此选项。更多信息:https://github.com/sferik/rails_admin/wiki/Actions

因此,如果您真的需要它,可以编辑/config/initializers/rails_admin.rb

RailsAdmin.config do |config|

  config.actions do
    dashboard                     # mandatory
    index                         # mandatory

    new do
      controller do
        proc do
          if request.get? # NEW

            @object = @abstract_model.new
            @authorization_adapter && @authorization_adapter.attributes_for(:new, @abstract_model).each do |name, value|
              @object.send("#{name}=", value)
            end
            if object_params = params[@abstract_model.to_param]
              @object.set_attributes(@object.attributes.merge(object_params))
            end
            respond_to do |format|
              format.html { render @action.template_name }
              format.js   { render @action.template_name, layout: false }
            end

          elsif request.post? # CREATE

            @modified_assoc = []
            @object = @abstract_model.new
            satisfy_strong_params!
            sanitize_params_for!(request.xhr? ? :modal : :create)

            @object.set_attributes(params[@abstract_model.param_key])
            @authorization_adapter && @authorization_adapter.attributes_for(:create, @abstract_model).each do |name, value|
              @object.send("#{name}=", value)
            end

            # customization
            if @object.class == Event
              # do whatever you want
            end                

            if @object.save
              @auditing_adapter && @auditing_adapter.create_object(@object, @abstract_model, _current_user)
              respond_to do |format|
                format.html { redirect_to_on_success }
                format.js   { render json: {id: @object.id.to_s, label: @model_config.with(object: @object).object_label} }
              end
            else
              handle_save_error
            end
          end       
        end
      end
    end

    export
    bulk_delete
    show
    edit
    delete
    show_in_app

  end
end

答案 1 :(得分:0)

pereleguine今天用2年前的评论拯救了我的屁股。谢谢,谢谢。

我必须进行一次修改并删除satisf_strong_params!它再次非常hacky,但它确实有效:

RailsAdmin.config do |config|

config.actions do
dashboard                     # mandatory
index                         # mandatory

new do
  controller do
    proc do
      if request.get? # NEW

        @object = @abstract_model.new
        @authorization_adapter && @authorization_adapter.attributes_for(:new, @abstract_model).each do |name, value|
          @object.send("#{name}=", value)
        end
        if object_params = params[@abstract_model.to_param]
          @object.set_attributes(@object.attributes.merge(object_params))
        end
        respond_to do |format|
          format.html { render @action.template_name }
          format.js   { render @action.template_name, layout: false }
        end

      elsif request.post? # CREATE

        @modified_assoc = []
        @object = @abstract_model.new
        satisfy_strong_params!
        sanitize_params_for!(request.xhr? ? :modal : :create)

        @object.set_attributes(params[@abstract_model.param_key])
        @authorization_adapter && @authorization_adapter.attributes_for(:create, @abstract_model).each do |name, value|
          @object.send("#{name}=", value)
        end

        # customization
        if @object.class == Event
          # do whatever you want
        end                

        if @object.save
          @auditing_adapter && @auditing_adapter.create_object(@object, @abstract_model, _current_user)
          respond_to do |format|
            format.html { redirect_to_on_success }
            format.js   { render json: {id: @object.id.to_s, label: @model_config.with(object: @object).object_label} }
          end
        else
          handle_save_error
        end
      end       
    end
  end
end

export
bulk_delete
show
edit
delete
show_in_app

end

相关问题
最新问题