I have a simple blog and I only want admins to be able to access the create/admin options and views. I have installed Devise and use authenticate_admin! in my controllers, but when I test it the page is still accessible and lets anyone sign out of the admin options. After signing in I have limited options for the admin. The problem is that anyone can sign in. If I could basically block access to the admin sign-up page I'd be golden, at least in this case. I'm curious whether anyone can point out my mistake or error. Any help is appreciated. Thanks.
    class AdminsController < ApplicationController
      # Every action in this controller requires a signed-in admin
      before_action :authenticate_admin!

      def index
      end

      def created
      end
    end
Articles controller
    class ArticlesController < ApplicationController
      # Only index and show are public; every other action requires a signed-in admin
      before_action :authenticate_admin!, :except => [:index, :show]

      def new
        @article = Article.new
      end

      def index
        @article = Article.all
        @articles = Article.order('created_at DESC')
        # Article.find(:all, :order => ...) is Rails 2/3 syntax that was removed in Rails 4.1;
        # the strong-parameters call below means this app is on Rails 4, so use order instead
        @articles_by_month = Article.order('created_at DESC').group_by { |article| article.created_at.strftime("%B %Y") }
      end

      def month_count
        @articles_by_month = Article.order('created_at DESC').group_by { |article| article.created_at.strftime("%B %Y") }
      end

      def create
        @article = Article.new(article_params)
        if @article.save
          redirect_to @article
        else
          render 'new'
        end
      end

      def edit
        @article = Article.find(params[:id])
      end

      def update
        @article = Article.find(params[:id])
        if @article.update(article_params)
          redirect_to @article
        else
          render 'edit'
        end
      end

      def show
        @article = Article.find(params[:id])
      end

      def destroy
        @article = Article.find(params[:id])
        @article.destroy
        redirect_to articles_path
      end

      private

      # Strong parameters: only these attributes may be mass-assigned
      def article_params
        params.require(:article).permit(:title, :text, :image)
      end
    end
Articles index view
    <div class="bit-75">
      <% @article.each do |article| %>
        <h2 id="title"><%= link_to article.title, article_path(article) %></h2>
        <br>
        <ul id="article-links">
          <div id="article-image"><%= image_tag article.image_url %></div>
          <br>
          <li id="article-text"><%= article.text %></li>
          <p>Posted on <%= article.created_at %></p>
          <br>
          <%# admin_signed_in? only hides links; the controller filter is what enforces access %>
          <% if admin_signed_in? %>
            <li><%= link_to 'Edit', edit_article_path(article) %></li>
            <li><%= link_to 'Destroy', article_path(article),
                    method: :delete, data: { confirm: 'Are you sure?' } %></li>
            <li><%= link_to 'New article', new_article_path %></li>
          <% else %>
            <li><%= link_to 'Make a Comment', article_path(article) %><p>Comments(<%= article.comments.count %>)</p></li>
          <% end %>
        </ul>
      <% end %>
      <div id="new-article-path"></div>
    </div>
    <div class="bit-5">
      <h2>Recent Posts</h2>
      <br>
      <% @article.each do |article| %>
        <ul id="recent-article">
          <li><%= link_to article.title, article_path(article) %></li>
        </ul>
      <% end %>
      <br>
      <br>
      <h2>Archives</h2>
      <% @articles_by_month.each do |monthname, articles| %>
        <h4 id="month-archive"><%= link_to monthname, archives_path %></h4>
      <% end %>
      <!-- <h2>Tags</h2> -->
    </div>
Admin model
    class Admin < ActiveRecord::Base
      # Include default devise modules. Others available are:
      # :confirmable, :lockable, :timeoutable and :omniauthable
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable
    end
Article model
    class Article < ActiveRecord::Base
      has_many :comments, dependent: :destroy
      validates :title, presence: true,
                        length: { minimum: 5 }
      mount_uploader :image, ImageUploader
      default_scope -> { order('created_at DESC') }
    end
Routes
    Blog::Application.routes.draw do
      devise_for :admins
      # Extra aliases for the admin session routes (devise_for :admins already
      # provides sign_in and a DELETE sign_out; these add a GET sign_out as well)
      devise_scope :admin do
        get "/admins/sign_out", to: 'devise/sessions#destroy'
        get "/admins/sign_in", to: "devise/sessions#new"
      end
      devise_for :users
      root 'articles#index'
      resources :articles do
        resources :comments
      end
      get "welcome/index"
      match '/about', to: 'static_pages#about', via: 'get'
      match '/contact', to: 'static_pages#contact', via: 'get'
      match '/archives', to: 'archives#index', via: 'get'
    end
Answer 0 (score: 1)
You can remove registerable from the Admin model to prevent users from registering as admins:

    devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable

But having devise_for :admins and then :users suggests you may want to consider using a permission-management gem like CanCanCan.
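Worked example, added here and not part of the question or the answer above: a stand-alone Ruby model of the two access-control layers this thread touches. Layer one is which URLs a devise_for :admins line publishes for a given module list (and how removing :registerable, or the equivalent devise_for :admins, skip: [:registrations], makes /admins/sign_up disappear entirely); layer two is which ArticlesController actions before_action :authenticate_admin!, except: [:index, :show] actually guards. None of this is Devise or Rails code: the route table, the filter and the dispatcher are re-implemented in plain Ruby under constructed names (DEVISE_ROUTE_TABLE, devise_routes_for, ControllerFilter, BlogAccess) so the reasoning can be checked offline, and the route table is a simplified version of the sessions/registrations/passwords routes Devise documents.

```ruby
require 'set'

# Routes each Devise module contributes (simplified from Devise's documentation):
# database_authenticatable -> sessions, registerable -> registrations,
# recoverable -> passwords. rememberable/trackable/validatable publish no routes.
# Constructed table for this example; it is not loaded from Devise.
DEVISE_ROUTE_TABLE = {
  database_authenticatable: {
    controller: :sessions,
    routes: [[:get, 'sign_in'], [:post, 'sign_in'], [:delete, 'sign_out']]
  },
  registerable: {
    controller: :registrations,
    routes: [[:get, 'sign_up'], [:post, ''], [:get, 'edit'], [:patch, ''], [:delete, '']]
  },
  recoverable: {
    controller: :passwords,
    routes: [[:get, 'password/new'], [:post, 'password'], [:get, 'password/edit'], [:patch, 'password']]
  }
}.freeze

# The [verb, path] pairs a `devise_for scope` line would publish for `modules`.
# `skip:` models `devise_for :admins, skip: [:registrations]`.
def devise_routes_for(scope, modules, skip: [])
  modules.flat_map do |mod|
    entry = DEVISE_ROUTE_TABLE[mod]
    next [] if entry.nil? || skip.include?(entry[:controller])
    entry[:routes].map do |verb, suffix|
      [verb, suffix.empty? ? "/#{scope}" : "/#{scope}/#{suffix}"]
    end
  end.to_set
end

# Models `before_action :authenticate_admin!, except: [...]` on one controller:
# every action is protected unless it is explicitly listed as public.
class ControllerFilter
  def initialize(actions:, except: [])
    @actions = actions
    @except = except
  end

  def requires_admin?(action)
    @actions.include?(action) && !@except.include?(action)
  end
end

# Dispatcher for the blog in the question: Devise routes first, then articles.
class BlogAccess
  ARTICLE_ACTIONS = {
    [:get, '/articles'] => :index, [:get, '/articles/new'] => :new,
    [:post, '/articles'] => :create, [:get, '/articles/1'] => :show,
    [:get, '/articles/1/edit'] => :edit, [:delete, '/articles/1'] => :destroy
  }.freeze

  def initialize(admin_modules:, skip: [])
    @devise_routes = devise_routes_for(:admins, admin_modules, skip: skip)
    @articles = ControllerFilter.new(actions: ARTICLE_ACTIONS.values, except: [:index, :show])
  end

  # Outcome of one request: :allow, :redirect_to_sign_in, or :not_found.
  # A Devise route that exists is reachable by anyone, which is exactly why the
  # admin sign-up route must not exist at all rather than merely be hidden.
  def decide(verb, path, admin_signed_in: false)
    return :allow if @devise_routes.include?([verb, path])
    action = ARTICLE_ACTIONS[[verb, path]]
    return :not_found unless action
    return :redirect_to_sign_in if @articles.requires_admin?(action) && !admin_signed_in
    :allow
  end
end

if $PROGRAM_NAME == __FILE__
  all_modules = %i[database_authenticatable registerable recoverable rememberable trackable validatable]
  [[all_modules, []], [all_modules - [:registerable], []], [all_modules, [:registrations]]].each do |mods, skip|
    access = BlogAccess.new(admin_modules: mods, skip: skip)
    puts "registerable=#{mods.include?(:registerable)} skip=#{skip.inspect}: " \
         "GET /admins/sign_up -> #{access.decide(:get, '/admins/sign_up')}"
  end
end
```

The model makes the two findings explicit: with :registerable present, GET /admins/sign_up and POST /admins are allowed for an anonymous visitor no matter what authenticate_admin! does elsewhere, because Devise's registration controller is not under the blog's filters; once the module is dropped (or the registrations routes are skipped) those requests are simply not routable, while the articles actions outside the except list still redirect anonymous visitors to sign in. In the real app the equivalent check is to list the routes (rake routes on Rails 4, rails routes on Rails 5+) and confirm no admins/registrations entries remain, and to keep a request test that asserts the sign-up path returns a routing error.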