devise authenticate_user doesn't work

时间:2017-06-15 09:35:01

标签: ruby-on-rails devise

I have problems with devise, it works well to sign up, login etc but the the before_action :authenticate_worker! doesn't work.

When i'm on http://localhost:3000/workers/1/edit, i can change the id in the address and have access to the edit page of all workers...

Here is my workers controller:

class WorkersController < ApplicationController
  skip_before_action :authenticate_user!, only: [:edit, :update]
  before_action :authenticate_worker!, only: [:edit, :update]
  before_action :set_worker, only: [:edit, :update]

  def edit
    @worker = Worker.find(params[:id])
  end

  def update
    @worker = Worker.find(params[:id])
    @worker.update(worker_params)

    redirect_to worker_path(@worker)
  end

  private

  def worker_params
    params.require(:worker).permit(:first_name, :last_name, :phone_number, :email, :address, :construction, :renovation, :entretien, :charpente, :couverture, :ouverture, :terrasse, :plomberie, :maison, :chateau, :immeuble, :monument_historique, :message)
  end

  def set_worker
    @worker = Worker.find(params[:id])
  end
end

Here is my users controller:

class UsersController < ApplicationController

  skip_before_action :authenticate_user!, only: [:index, :show]
  skip_before_action :authenticate_worker!
  before_action :set_user, only: [:show, :edit, :update]


  def index
    @radius_users = []
    @client = Client.new

    @users = User.all
    @users = User.where.not(latitude: nil, longitude: nil)


    @hash = Gmaps4rails.build_markers(@users) do |user, marker|
      marker.lat user.latitude
      marker.lng user.longitude
    end
  end

  def show
    @client = Client.new
    @projects = Project.where(user_id: @user)
  end



  private

  def user_params
    params.require(:user).permit(:company, :first_name, :last_name, :position, :mobile_phone, :office_phone, :email, :address, :description, :radius, :photo_company_logo, :photo_presentation, :construction, :renovation, :entretien, :charpente, :couverture, :ouverture, :terrasse, :plomberie, :maison, :chateau, :immeuble, :monument_historique)
  end

  def set_user
    @user = User.find(params[:id])
  end
end

Here is my workers model:

class Worker < ApplicationRecord

  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
end

Here is my user model:

class User < ApplicationRecord


has_attachment :photo_presentation
  has_attachment  :photo_company_logo
  has_many :projects, dependent: :destroy
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
  #geocoder for google maps
  geocoded_by :address
  after_validation :geocode, if: :address_changed?

  validates :email, uniqueness: true, presence: true
  validates :company, presence: true, uniqueness: true
  validates :first_name, presence: true
  validates :last_name, presence: true
  validates :office_phone, presence: true, uniqueness: true
  validates :mobile_phone, presence: true, uniqueness: true
  validates :address, presence: true
  validates :description, presence: true, length: { minimum: 300, maximum: 900 }
  validates :radius, presence: true, numericality: { only_integer: true, greater_than_or_equal_to: 50 }
  validates :city, presence: true
  validates :zip_code, presence: true
end

And here are routes:

  Rails.application.routes.draw do
  mount Attachinary::Engine => "/attachinary"

  ActiveAdmin.routes(self)
  devise_for :workers
  devise_for :users
  root to: 'pages#home'
  resources :users
  resources :projects
  resources :clients, only: [:new, :create, :show, :edit, :update]
  resources :articles, only: [:index, :new, :create, :show]
  resources :workers, only: [:edit, :update]

end

Thanks guys!!!

0 个答案:

没有答案