我正在为用户使用Devise,我还有另一个名为“Host Requests”的模型,它允许用户在网站上提交不同访问级别的应用程序。在用户模型中,我有一个列(布尔值),用于可用的不同类型的访问角色。我正在尝试创建一个管理仪表板,其中列出了已提交的所有主机请求以供审阅。我正在尝试在主机请求旁边创建两个按钮,允许管理员“批准”或“拒绝”用户的请求。如果获得批准,它会将用户数据库列更改为TRUE,如果拒绝,则会将其更改为FALSE。我已将我的附加属性添加到Devise Sanitizer进行更新,但由于某种原因,我无法让表更新为附加到host_request的user_id。单击该按钮时,它最终会更改current_user的值。
非常感谢任何帮助或指导!
型号 - user.rb
class User < ApplicationRecord
has_many :host_requests
has_many :timeslots
has_many :experiences
has_many :reservations
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :confirmable
validates :fullname, presence: true, length: {maximum: 50}
after_create :send_admin_mail
def send_admin_mail
UserMailer.send_welcome_email(self).deliver_later
end
end
模型 - host_requests.rb
class HostRequest < ApplicationRecord
belongs_to :user
accepts_nested_attributes_for :user
end
控制器 - host_requests_controller.rb
class HostRequestsController < ApplicationController
before_action :set_host_request, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource
# GET /host_requests
# GET /host_requests.json
def index
if current_user.admin_role?
redirect_to admin_url
else current_user.host_role?
@host_requests = current_user.host_requests
end
end
# GET /host_requests/1
# GET /host_requests/1.json
def show
end
# GET /host_requests/new
def new
@host_request = HostRequest.new
@host_request.user = current_user
end
# GET /host_requests/1/edit
def edit
end
# POST /host_requests
# POST /host_requests.json
def create
@host_request = current_user.host_requests.new(host_request_params)
respond_to do |format|
if @host_request.save
format.html { redirect_to @host_request, notice: 'Host request was successfully created.' }
format.json { render :show, status: :created, location: @host_request }
else
format.html { render :new }
format.json { render json: @host_request.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /host_requests/1
# PATCH/PUT /host_requests/1.json
def update
respond_to do |format|
if @host_request.update(host_request_params)
format.html { redirect_to @host_request, notice: 'Host request was successfully updated.' }
format.json { render :show, status: :ok, location: @host_request }
else
format.html { render :edit }
format.json { render json: @host_request.errors, status: :unprocessable_entity }
end
end
end
# DELETE /host_requests/1
# DELETE /host_requests/1.json
def destroy
@host_request.destroy
respond_to do |format|
format.html { redirect_to host_requests_url, notice: 'Host request was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_host_request
@host_request = HostRequest.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def host_request_params
params.require(:host_request).permit(:user_id, :why_host, :your_skills, :your_eco)
end
end
表单 - 管理控制台
<% @host_requests.each do |request| %>
<div class="row mr-1 mt-1 ml-1">
<div class="col-md-6">
<p><strong>User Name: </strong><%= request.user.fullname %></p>
<p><strong>Why Host: </strong><%= request.why_host %></p>
</div>
<div class="col-md-6 text-right">
<%= form_for(request.user, url: user_registration_path(request.user), html: { method: :put }) do |f| %>
<%= f.hidden_field :host_role, value: true %>
<%= f.submit "Approve", class: "btn btn-primary pull-right mr-1 ml-1"%>
<% end %>
</div>
</div>
<% end %>
设计 - registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
# before_action :configure_sign_up_params, only: [:create]
before_action :configure_account_update_params, only: [:update]
def update_resource(resource, params)
resource.update_without_password(params)
end
# GET /resource/sign_up
# def new
# super
# end
# POST /resource
# def create
# super
# end
# GET /resource/edit
# def edit
# super
# end
# PUT /resource
# def update
# super
# end
# DELETE /resource
# def destroy
# super
# end
# GET /resource/cancel
# Forces the session data which is usually expired after sign
# in to be expired now. This is useful if the user wants to
# cancel oauth signing in/up in the middle of the process,
# removing all OAuth session data.
# def cancel
# super
# end
# If you have extra params to permit, append them to the sanitizer.
def configure_sign_up_params
devise_parameter_sanitizer.permit(:sign_up, keys: [:host_role])
end
# If you have extra params to permit, append them to the sanitizer.
def configure_account_update_params
devise_parameter_sanitizer.permit(:account_update, keys: [:host_role])
end
# The path used after sign up.
# def after_sign_up_path_for(resource)
# super(resource)
# end
# The path used after sign up for inactive accounts.
# def after_inactive_sign_up_path_for(resource)
# super(resource)
# end
end
答案 0 :(得分:2)
在Devise
之外进行此更新<强>的routes.rb
post ‘host-updater/:id’, to: ‘some_controller#some_action’, as: :host_update
<强> some_controller.rb
def some_action
user = User.find params[:id]
user.update_attributes user_params
redirect_to request.referrer, notice: ‘updated’
end
...
private
def user_params
params.require(:user).permit .....
end
form_form request.user, url: host_update_path, html: { method: :post } do |f|
......
end