以管理员身份编辑其他用户,ruby on rails

时间:2019-07-17 15:09:05

标签: html ruby-on-rails ruby

我希望具有管理员角色的用户可以从users / index.html.erb视图编辑其他用户。我不是第一个问这个问题的人,但是给出的所有答案都缺乏明确的说明。

问题是;编辑完字段后,当我单击users / index.html.erb视图中的“更新”按钮时,页面已重新加载,但没有任何更改。

附加信息:我正在使用Devise和Omniauth Facebook。

通过部分显示在用户/索引中的用户:

  <td>
    <div class="field">
      <%= f.text_field :name, class: 'form-control' %>
    </div>
  </td>

  <td>
    <div class="field">
      <%= f.text_field :email, class: 'form-control' %>
    </div>
  </td>

  <td>
    <div class="actions">
      <%= f.submit I18n.translate('control.update'), class: 'btn sign-up-button' %>
    </div>
  </td>

  <td>
    <!-- display a delete button if the user is not the current_user -->
    <%= link_to(I18n.translate('control.delete'), user_path(user), :data => { :confirm => "Are you sure?" }, :method => :delete, :class => 'btn') unless user == current_user %>
  </td>

users / index.html.erb:

<div class="container">
  <div class="row">
    <div class="col-sm-6 col-sm-offset-3">

      <h2 class="text-center"><%= I18n.translate('user.users_list') %></h2>
      <div class="column">
        <table class="table">
          <tbody>
            <% @users.each do |user| %>
              <tr>
                <%= render user %>
              </tr>
            <% end %>
          </tbody>
        </table>
      </div>

      <ul class=”pagination”>
        <li><%= will_paginate(@users) %></li>
      </ul>

    </div>
  </div> 
</div>

我的user_controller.rb 

class UsersController < ApplicationController

  before_action :ensure_admin, :except => :show

  def index
    @users = User.paginate(:page => params[:page], :per_page => 8)
  end

  def show
    @user = User.find_by_name(params[:id])
  end

  def edit
    @user = User.find(params[:id])
  end

  def update
    @user = User.find(params[:id])
    if @user.update(secure_params)
      redirect_to users_path, :notice => "User updated."
    else
      redirect_to users_path, :alert => "Unable to update user."
    end
  end

  def destroy
    user = User.find(params[:id])
    user.destroy
    redirect_to users_path, :notice => "User deleted."
  end

  private

  def ensure_admin
    if(current_user.role == 'admin')
      return
    end
    redirect_to root_path, :alert => "Access denied."
  end

  def secure_params
    params.require(:user).permit(:role)
  end

  def user_params
    params.require(:user).permit(:email, :name, :password)
  end
end

我的路线:

Rails.application.routes.draw do
  root to: 'pages#index'

  get 'users/index'

  # you can type '/users' to view the users
  match '/users', to: 'users#index', via: 'get'

  devise_for :users, :controllers => { :registrations => "registrations",
                                      :path_prefix => 'd',
                                      :omniauth_callbacks => "users/omniauth_callbacks" }

  resources :users

  scope '/:locale' do
    devise_scope :user do
      get 'login', to: 'devise/sessions#new'
    end
    devise_scope :user do
      get 'signup', to: 'devise/registrations#new'
    end
end

1 个答案:

答案 0 :(得分:1)

在user_controller更新操作中,您正在调用secure_params def,它仅允许“角色”字段。

我认为您应该在如下所示的更新操作中使用user_params 

def update
  @user = User.find(params[:id])
  if @user.update(user_params)
    redirect_to users_path, :notice => "User updated."
  else
    redirect_to users_path, :alert => "Unable to update user."
  end
end

否则,您还必须在secure_params def中允许其他参数,例如

def secure_params
  params.require(:user).permit(:role,:name,:email)
end

希望对您有帮助。

相关问题
最新问题