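Right now only current_user can modify their own account, but only admin can delete accounts. I don't know how to authorize an admin to edit users, because the current_user function is blocking it.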
users_controller.rb
class UsersController < ApplicationController
  before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
  before_action :correct_user,   only: [:edit, :update]
  before_action :admin_user,     only: [:index, :destroy]
  ...
  private
  ...
  # Confirms the correct user.
  def correct_user
    @user = User.find(params[:id])
    redirect_to(root_url) unless current_user?(@user)
  end

  # Confirms an admin user.
  def admin_user
    redirect_to(root_url) unless current_user.admin?
  end
end
Answer 0 (score: 1)
You can add a check for admin.
def correct_user
  @user = User.find(params[:id])
  redirect_to(root_url) unless (current_user?(@user) || current_user.admin?)
end
Answer 1 (score: 0)
Couldn't you define a new method that returns true for the correct user or an admin?
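# Confirms an admin or user.
def admin_or_correct_user
  # Load the target user first; otherwise @user is nil when this
  # filter is used in place of correct_user.
  @user = User.find(params[:id])
  unless current_user.admin? || current_user?(@user)
    redirect_to(root_url)
  end
end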
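
The access rule both answers arrive at, written out as an added example that is not part of the original posts: a plain-Ruby stand-in for the controller's filter chain, showing who reaches edit, update and destroy, and that the combined check relies on logged_in_user running first. The names User (a Struct here, not the Rails model), FILTERS, CHECKS, authorize and decision_table are hypothetical, and comparing ids stands in for current_user?, which is an assumption about that helper.

```ruby
# Added illustration: plain-Ruby model of the before_action chain. No Rails.
# User, FILTERS, CHECKS, authorize and decision_table are hypothetical names.
User = Struct.new(:id, :admin) do
  def admin?
    admin
  end
end

# Mirrors the before_action list, with :edit/:update guarded by the
# combined check instead of correct_user.
FILTERS = {
  logged_in_user:        %i[index edit update destroy],
  admin_or_correct_user: %i[edit update],
  admin_user:            %i[index destroy]
}.freeze

# Each check returns true to continue; false stands for a redirect.
# Comparing ids is an assumed equivalent of current_user?(@user).
CHECKS = {
  logged_in_user:        ->(current, _target) { !current.nil? },
  admin_or_correct_user: ->(current, target) { current.admin? || current.id == target.id },
  admin_user:            ->(current, _target) { current.admin? }
}.freeze

# Runs the filters for an action in declaration order and stops at the
# first failure, as Rails does when a before_action redirects.
def authorize(action, current, target)
  FILTERS.each do |name, actions|
    next unless actions.include?(action)
    return :redirect unless CHECKS[name].call(current, target)
  end
  :allowed
end

# Constructed sample users.
ALICE = User.new(1, false)
BOB   = User.new(2, false)
ADMIN = User.new(3, true)

# Decision table for one target account (ALICE), keyed by [actor, action].
def decision_table
  actors = { anonymous: nil, owner: ALICE, other: BOB, admin: ADMIN }
  actors.flat_map do |label, actor|
    %i[edit update destroy].map { |a| [[label, a], authorize(a, actor, ALICE)] }
  end.to_h
end

decision_table.each { |(who, action), result| puts "#{who} #{action}: #{result}" }
```

Because logged_in_user is declared first, an anonymous request is redirected before current.admin? is ever called on nil.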