我希望创建微博的用户和管理员能够删除微博。
我在控制器中有这个。
class MicropostsController < ApplicationController
before_action :logged_in_user, only: [:create, :destroy]
before_action :correct_user, only: :destroy
before_action :admin_user, only: :destroy
.
.
private
def micropost_params
params.require(:micropost).permit(:content, :picture)
end
def correct_user
@micropost = current_user.microposts.find_by(id: params[:id])
redirect_to root_url if @micropost.nil?
end
# Confirms an admin user.
def admin_user
redirect_to(root_url) unless current_user.admin?
end
在我看来,我删除了微博
<% if current_user.admin? || current_user?(@micropost.user) %>
<div class="btn-group" style="float:right">
<button class="btn btn-default btn-xs dropdown-toggle" type="button" data-toggle="dropdown" aria-expanded="false">
<span class="caret"></span>
</button>
<ul class="dropdown-menu pull-right postdelete" role="menu" style="color:#383838; background-color: #E6E6E6; padding-top: 0; padding-bottom: 0;margin-top: 0; margin-bottom:0">
<li role="presentation" style="padding-top: 0; padding-bottom: 0;margin-top: 0; margin-bottom:0">
<%= link_to " Delete ", @micropost, method: :delete,
data: { confirm: "Are you sure?" },
role: 'menuitem', tabindex: -1, :style => "color:#383838" %>
</li>
</ul>
</div>
<% end %>
当管理员尝试删除微博时,我收到以下错误。
2015-05-19T20:23:17.467004+00:00 app[web.2]: Started DELETE "/microposts/142" for 182.65.17.244 at 2015-05-19 20:23:17 +0000
2015-05-19T20:23:17.481204+00:00 app[web.2]: (2.3ms) SELECT COUNT(*) FROM "user_languages" WHERE "user_languages"."user_id" = $1 [["user_id", 1]]
2015-05-19T20:23:17.489765+00:00 app[web.2]: Micropost Load (2.1ms) SELECT "microposts".* FROM "microposts" WHERE "microposts"."user_id" = $1 AND "microposts"."id" = $2 ORDER BY created_at DESC LIMIT 1 [["user_id", 1], ["id", 142]]
2015-05-19T20:23:17.472886+00:00 app[web.2]: Processing by MicropostsController#destroy as HTML
2015-05-19T20:23:17.472897+00:00 app[web.2]: Parameters: {"authenticity_token"=>"5gLZum2IEbw+WX31H5DR1jGypHNtktiZnYnIclh8i2tY1AxejDYsiDTMIXovEo9EhxkM6xqfJmdRvD40xL/uvQ==", "id"=>"142"}
2015-05-19T20:23:17.476748+00:00 app[web.2]: User Load (2.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 1]]
2015-05-19T20:23:17.484168+00:00 app[web.2]: (1.9ms) SELECT COUNT(*) FROM "user_learnings" WHERE "user_learnings"."user_id" = $1 [["user_id", 1]]
2015-05-19T20:23:17.490353+00:00 app[web.2]: Redirected to https://www.abc123.com/
2015-05-19T20:23:17.490423+00:00 app[web.2]: Filter chain halted as :correct_user rendered or redirected
2015-05-19T20:23:17.490552+00:00 app[web.2]: Completed 302 Found in 18ms (ActiveRecord: 8.5ms)
我可以看到它是由于
Filter chain halted as :correct_user rendered or redirected
有人可以分享我所犯的错误吗?为什么不是 admin_user过滤器没有被执行?
如何让管理员用户也删除微博?
请帮助。感谢。
答案 0 :(得分:0)
before_action :correct_user, only: :destroy
before_action :admin_user, only: :destroy
以上将被视为AND condition,因为这两个将按顺序应用(顺序取决于声明的顺序)。因此,使用该代码,只有admin_user才能删除他们创建的记录 - 而不是其他人创建的记录。
您正在尝试的内容可以实现为OR condition,如下所示:
before_action :can_delete, only: :destroy
....
def can_delete
correct_user || admin_user
end
答案 1 :(得分:0)
您在@micropost.nil?时重定向用户,但当您以 admin 身份登录时,@micropost不属于他,对吗?它属于其他人。
你应该这样做:
def correct_user
unless current_user.admin?
@micropost = current_user.microposts.find_by(id: params[:id])
redirect_to root_url if @micropost.nil?
end
end
并删除admin_user方法,因为它不再需要了。