I have a Vitals Page for each user
这个页面的内容来自我在应用程序中使用的各个模型,显示在上面的 Vitals 路径下。User1 向 User2(医生)预约……(我没有区分两种用户类型)。User 2's View of Appointment booked by User1
当 User2 点击“您的患者”部分中的 Vitals 和 Reports 时……我看到的仍然是 User2 自己的 Vitals 和 Reports,但我希望看到的是 User1 的 Vitals 和 Reports 页面。
我该怎么办?
这是我的报告控制器:
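# CRUD controller for reports that belong to the signed-in user.
#
# Access rules enforced here:
#   * index / new / create only ever touch current_user.reports.
#   * edit / update / destroy require the signed-in user to own the report.
#   * show loads a report by id for any signed-in user (see the note on #show).
class ReportsController < ApplicationController
  # Authenticate before anything else, so that no record is looked up for an
  # anonymous request and current_user is set when the ownership check runs.
  before_action :authenticate_user!
  before_action :set_report, only: [:show, :edit, :update, :destroy]
  # Previously only #destroy compared the report's owner with current_user;
  # #edit and #update accepted any report id from any signed-in user.
  before_action :require_report_owner, only: [:edit, :update, :destroy]

  # GET /reports
  # GET /reports.json
  # Lists only the reports owned by the signed-in user.
  def index
    @reports = current_user.reports
  end

  # GET /reports/1
  # GET /reports/1.json
  #
  # NOTE(review): set_report finds the record by id alone, so every signed-in
  # user can read every report. If someone other than the owner has to read it
  # (for example the doctor of a booked appointment), express that as an
  # explicit check here instead of leaving the lookup open to all users.
  def show
  end

  # GET /reports/new
  def new
    @report = current_user.reports.build
  end

  # GET /reports/1/edit
  def edit
  end

  # POST /reports
  # POST /reports.json
  # Builds the report through the association, so it is always owned by the
  # signed-in user regardless of the submitted parameters.
  def create
    @report = current_user.reports.build(report_params)
    respond_to do |format|
      if @report.save
        format.html { redirect_to @report, notice: 'Report was successfully created.' }
        format.json { render :show, status: :created, location: @report }
      else
        format.html { render :new }
        format.json { render json: @report.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /reports/1
  # PATCH/PUT /reports/1.json
  def update
    respond_to do |format|
      if @report.update(report_params)
        format.html { redirect_to @report, notice: 'Report was successfully updated.' }
        format.json { render :show, status: :ok, location: @report }
      else
        format.html { render :edit }
        format.json { render json: @report.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /reports/1
  # DELETE /reports/1.json
  # Ownership is checked by require_report_owner before this action runs.
  def destroy
    @report.destroy
    respond_to do |format|
      format.html { redirect_to reports_url, notice: 'Report was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Loads the report named by params[:id] into @report.
  def set_report
    @report = Report.find(params[:id])
  end

  # Halts the request with a redirect unless the signed-in user owns @report.
  # Comparing the records (not `.id` on each side) also covers a report whose
  # user association is nil, which would otherwise raise NoMethodError.
  def require_report_owner
    return if @report.user == current_user

    redirect_to root_path, notice: "You don't have permission."
  end

  # Strong parameters: only :name and :attachment may be mass-assigned.
  def report_params
    params.require(:report).permit(:name, :attachment)
  end
end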
这是我的预约控制器(AppointmentsController):
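require 'net/http'

# Booking flow: creates an appointment, sends the user to PayPal to pay for it,
# and receives PayPal's payment notification (IPN) on #notify.
class AppointmentsController < ApplicationController
  # PayPal sandbox endpoint, used both for the payment redirect and for
  # validating incoming notifications.
  PAYPAL_WEBSCR_URL = 'https://www.sandbox.paypal.com/cgi-bin/webscr'.freeze

  # #notify is called by PayPal, not by a browser session, so it can carry
  # neither a login nor a CSRF token. It is authenticated by ipn_verified?.
  before_action :authenticate_user!, except: [:notify]
  # Declared once: a second protect_from_forgery call (the original had one with
  # except: [:your_trips]) re-registers the same callback with new options
  # rather than adding to the first list.
  protect_from_forgery except: [:notify]

  # Returns the upcoming appointments of a practice as JSON.
  #
  # NOTE(review): any signed-in user can request any practice_id, and
  # `render json:` serializes whole Appointment records unless a serializer
  # narrows them. If the client only needs booked dates and times, return just
  # those fields.
  def preload
    practice = Practice.find(params[:practice_id])
    today = Date.today
    appointments = practice.appointments.where("date >= ?", today)
    render json: appointments
  end

  # Creates the appointment for the signed-in user and redirects to PayPal.
  def create
    @appointment = current_user.appointments.create(appointment_params)
    # `create` always returns an object, so testing it for truthiness never
    # reaches the failure branch; persisted? tells whether it was saved.
    if @appointment.persisted?
      # send request to PayPal
      values = {
        business: 'abc@gmail.com',
        cmd: '_xclick',
        upload: 1,
        notify_url: 'url.com',
        amount: @appointment.price,
        item_name: @appointment.practice.speciality,
        item_number: @appointment.id,
        quantity: '1',
        return: 'url.com/your_trips'
      }
      redirect_to "#{PAYPAL_WEBSCR_URL}?#{values.to_query}"
    else
      # The practice may be missing when the save failed, so fall back to root.
      redirect_to(@appointment.practice || root_path, alert: "Oops, something went wrong...")
    end
  end

  # PayPal IPN endpoint: marks the appointment as paid, or removes it when the
  # reported payment status is anything other than "Completed".
  #
  # The request is unauthenticated, so nothing in params is trusted until PayPal
  # has confirmed that it sent this exact message. Without that confirmation,
  # any client could mark an appointment as paid or delete one by id.
  def notify
    unless ipn_verified?
      # Presumably PayPal retries on a non-2xx reply, which covers a transient
      # failure of the validation call - confirm against the IPN documentation.
      head :bad_request
      return
    end

    appointment = Appointment.find(params[:item_number])
    # NOTE(review): also compare the notification's receiver_email and mc_gross
    # with the expected merchant account and the appointment's price before
    # treating the payment as complete.
    if params[:payment_status] == "Completed"
      appointment.update_attributes status: true
    else
      appointment.destroy
    end
    head :ok
  end

  # Lists the signed-in user's paid appointments.
  def your_trips
    @trips = current_user.appointments.where(status: true)
  end

  # Lists the practices owned by the signed-in user.
  def your_appointments
    @practices = current_user.practices
  end

  # Tells the client whether the requested date/time slot is free for a
  # practice: {status: true} when free (or when date/time are not given yet),
  # {status: false} when taken or when the input cannot be parsed.
  def check_date_time
    if params[:time].blank? || params[:date].blank?
      render json: {status: true}
      return
    end

    requested = DateTime.parse("#{params[:date]} #{params[:time]}").to_i
    taken = Appointment.where(practice_id: params[:practice_id]).any? do |booked|
      # Appointments without a time cannot collide with a timed request.
      booked.time && DateTime.parse("#{booked.date} #{booked.time.strftime('%T')}").to_i == requested
    end
    render json: {status: !taken}
  rescue ArgumentError
    # DateTime.parse raises on malformed input; report the slot as unavailable
    # instead of answering with a 500.
    render json: {status: false}
  end

  private

  # Asks PayPal to confirm the notification by posting the unmodified request
  # body back with cmd=_notify-validate. Returns true only when PayPal answers
  # "VERIFIED"; any network or protocol error counts as not verified.
  def ipn_verified?
    uri = URI.parse(PAYPAL_WEBSCR_URL)
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.open_timeout = 5
    http.read_timeout = 10
    reply = http.post(uri.request_uri,
                      "cmd=_notify-validate&#{request.raw_post}",
                      'Content-Type' => 'application/x-www-form-urlencoded')
    reply.body == 'VERIFIED'
  rescue StandardError => e
    logger.warn("PayPal IPN verification failed: #{e.class}: #{e.message}")
    false
  end

  # Strong parameters for booking.
  #
  # NOTE(review): :price is accepted from the client and is then used as the
  # PayPal amount in #create. Derive the price on the server (for instance from
  # the practice) so that the payer cannot choose it.
  def appointment_params
    params.require(:appointment).permit(:date, :hour, :price, :reason, :practice_id, :time)
  end
end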