我正在关注http://www.logansbailey.com/上的教程并修改它以使未注册的人能够使用用户名,电子邮件和密码进行注册。
我已经启用了登录用户来修改他/她的电子邮件和密码,但没有修改用户名。
我想补充的是:
1)使登录用户能够查看/到达他/她的用户名和电子邮件,
2)启用设置了admin_flag的用户(我在sql表中处理了这个并创建了用户)以便能够查看/修改所有用户记录。
我修改了app / cotrollers / user_controller.rb,如下所示:
class UsersController < ApplicationController
before_filter :is_user, :only => [:index, :show, :edit, :update, :destroy]
def index
@users = User.all
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @users }
end
end
def show
@user = User.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @user }
end
end
def new
@user = User.new
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @user }
end
end
def edit
end
def create
@user = User.new(params[:user])
respond_to do |format|
if @user.save
flash[:notice] = 'Registration successful.'
format.html { redirect_to(:controller => 'home', :action => 'tutorial') }
format.xml { render :xml => @user, :status => :created, :location => @user }
else
format.html { render :action => "new" }
format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
end
end
end
def update
respond_to do |format|
if @user.update_attributes(params[:user])
flash[:notice] = 'Your profile was successfully updated.'
format.html { redirect_to(:controller => 'home', :action => 'index') }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
end
end
end
def destroy
@user = User.find(params[:id])
@user.destroy
respond_to do |format|
format.html { redirect_to(users_url) }
format.xml { head :ok }
end
end
def is_user
if User.exists?(params[:id])
@user = User.find(params[:id]);
if current_user.admin_flag == true
flash[:notice] = 'Welcome Admin'
end
if !current_user || current_user.id != @user.id
flash[:notice] = 'You do not have access to that page'
redirect_to(:controller => 'home', :action => 'index')
end
else
flash[:notice] = 'You do not have access to that page'
redirect_to(:controller => 'home', :action => 'index')
end
end
end
文件app / models / user.rb是:
class User < ActiveRecord::Base
acts_as_authentic
end
我可以确认admin_flag set用户是否正确,因为文件app / views / layouts / application.html.erb包含:
<div id="admin">
<% if current_user %>
<% if current_user.admin_flag == true %> |
<%= link_to "Users", users_path %>
<% end %>
<% end %>
</div>
当我以管理员身份登录时,正确显示“用户”链接。
现在问题是我无法获得所有用户的节目,编辑其他用户等功能。作为管理员,我可以像所有其他普通用户一样显示和修改管理员用户,这意味着我也无法修改用户名。
这里可能有什么问题?
答案 0 :(得分:0)
当你以正确的方式向用户添加布尔属性admin时,Rails应该添加问号方法admin?在用户模型中。这并不重要,但为了方便起见。 对于要防止不需要的操作的每种方法,请使用before_filter:
class UsersController < ApplicationController
before_filter :admin_user, :only => :destroy
before_filter :correct_user, :only => [:edit, :update]
def destroy
end
...
private
def admin_user
redirect_to(root_path) unless current_user.admin?
end
def correct_user
@user = User.find(params[:id])
redirect_to(root_path) unless current_user?(@user) || current_user.admin?
end
end
在视图中使用current_user.admin更方便吗?
<div id="admin">
<% if current_user.admin? %>
<%= link_to "Users", users_path %>
<% end %>
</div>