只有管理员才能创建订单。订单由user_id分配给用户。在用户个人资料页面上,是用户只能看到其记录的唯一位置。我觉得我的控制器存在问题。
class OrdersController < ApplicationController
before_action :set_order, only: [:show, :edit, :update, :destroy]
# GET /orders
# GET /orders.json
def index
@orders = Order.all
end
# GET /orders/1
# GET /orders/1.json
def show
end
# GET /orders/new
def new
@order = User.find_by(params[:id]).orders.build
end
# GET /orders/1/edit
def edit
end
# POST /orders
# POST /orders.json
def create
@order = current_user.orders.build(order_params)
respond_to do |format|
if @order.save
format.html { redirect_to @order, notice: 'Order was successfully created.' }
format.json { render :show, status: :created, location: @order }
else
format.html { render :new }
format.json { render json: @order.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /orders/1
# PATCH/PUT /orders/1.json
def update
respond_to do |format|
if @order.update(order_params)
format.html { redirect_to @order, notice: 'Order was successfully updated.' }
format.json { render :show, status: :ok, location: @order }
else
format.html { render :edit }
format.json { render json: @order.errors, status: :unprocessable_entity }
end
end
end
# DELETE /orders/1
# DELETE /orders/1.json
def destroy
@order.destroy
respond_to do |format|
format.html { redirect_to orders_url, notice: 'Order was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_order
@order = Order.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def order_params
params.require(:order).permit(:service, :charge, :user_id)
end
end
这是我的用户控制器
class UsersController < ApplicationController
def index
@users = User.all
end
def new
@user = User.new
end
def create
customer = Stripe::Customer.create(
:email => 'example@stripe.com',
:card => params[:stripeToken]
)
rescue Stripe::CardError => e
flash[:error] = e.message
redirect_to charges_path
end
def admin_dashboard
@users = User.all
end
def show
end
def edit
end
def update
if params[:user][:password].blank?
params[:user].delete(:password)
params[:user].delete(:password_confirmation)
end
token = params[:stripeToken]
customer = Stripe::Customer.create(
card: token,
email: current_user.email
)
current_user.stripeid = customer.id
current_user.save
redirect_to dashboard_path
end
def payment
end
def destroy
end
private
def user_params
params.require(:user).permit( :stripe_card_token, :avatar, :first_name, :last_name, :country_code, :phone_number,:home_adress,:work_address, :email, :password, :current_password)
end
end
模型用户
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
has_many :orders
end
订单型号
class Order < ActiveRecord::Base
belongs_to :user
end
个人资料页
<div class = 'container'>
<table class="table table-hover" style = 'width: 70%'>
<thead>
<tr>
<th> ID </th>
<th> Date </th>
<th>Service</th>
<th>Charge</th>
<th>Feedback</th>
</tr>
</thead>
<tbody>
<% Order.all.each do |orders| %>
<tr>
<td><%= orders.user.id %></td>
<td><%= orders.created_at %></td>
<td><%= orders.service %></td>
<td><%= orders.charge %></td>
</tr>
<%end%>
如果我遗失任何内容,请告诉我。我不确定如何将管理类与所有这些联系起来。