如何使用devise,cancan和rolify为用户分配角色?

时间:2014-09-30 09:21:23

标签: ruby-on-rails ruby devise cancan rolify

我是Ruby on Rails的新手,我收到了这个错误:

in `const_get': uninitialized constant Devise::Models::RoleId (NameError)

当我删除此",:role_ids"从我的models / user.rb应用程序工作,但我无法将角色分配给我的用户..

my models / role.rb

class Role < ActiveRecord::Base
    has_and_belongs_to_many :users, :join_table => :users_roles
    belongs_to :resource, :polymorphic => true

    scopify
end

我的路线:

Rails.application.routes.draw do
    resources :users
    root :to => 'home#index'

    devise_for :users, :skip => [:registrations, :sessions]

    as :user do
        get "/login" => "devise/sessions#new", :as => :new_user_session
        post "/login" => "devise/sessions#create", :as => :user_session
        delete "/logout" => "devise/sessions#destroy", :as => :destroy_user_session
    end
end

和我的models / user.rb

class User < ActiveRecord::Base
    rolify
    # Include default devise modules. Others available are:
    # :confirmable, :lockable, :timeoutable and :omniauthable
    devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable, :role_ids
    validates :email, :uniqueness => true
end

和我的UsersController:

class UsersController < ApplicationController
    load_and_authorize_resource
    def index
        @users = User.all
    end

    def show
        @user = User.find(params[:id])
    end

    def new
        @user = User.new
    end

    def edit
        @user = User.find(params[:id])
    end

    def create
        @user = User.new(user_params)

        if @user.save
            redirect_to @user, :flash => { :success => 'User was successfully created.' }
        else
            render :action => 'new'
        end
    end

    def update
        @user = User.find(params[:id])

        if params[:user][:password].blank?
            params[:user].delete(:password)
            params[:user].delete(:password_confirmation)
        end

        params[:user][:role_ids] ||= []

        if @user.update_attributes(user_params)
            sign_in(@user, :bypass => true) if @user == current_user
            redirect_to @user, :flash => { :success => 'User was successfully updated.' }
        else
            render :action => 'edit'
        end
    end


    def destroy
        @user = User.find(params[:id])
        @user.destroy
        redirect_to users_path, :flash => { :success => 'User was successfully deleted.' }
    end

    private
    def user_params
        params.require(:user).permit(:username, :email, :password, :salt, :encrypted_password)
        if can? :manage, User
            params.require(:user).permit(:username, :email, :role_ids, :salt, :encrypted_password)
        else
            params[:user].delete(:role_ids)
            params[:user].delete(:email)
        end
    end
end

我遵循了这两个教程: http://danielboggs.com/articles/rails-authentication-and-user-management-via-crud/http://danielboggs.com/articles/rails-authentication-and-user-management-continued/

1 个答案:

答案 0 :(得分:1)

我发现了问题。

解决方案是:

params.require(:user).permit(:username, :email, :password, :salt, :encrypted_password, role_ids: [])

而不是:

params.require(:user).permit(:username, :email, :password, :salt, :encrypted_password, role_ids)