I followed the tutorial at http://www.logansbailey.com/ and modified it so that unregistered visitors can sign up with a username, email and password.
I have already allowed a logged-in user to change his/her email and password, but not the username.
What I want to add is:
1) let a logged-in user see/reach his/her username and email,
2) let a user with admin_flag set (I handled this in the SQL table and created this user there) view/modify all user records.
I modified app/controllers/user_controller like this:
```ruby
class UsersController < ApplicationController
  before_filter :is_user, :only => [:index, :show, :edit, :update, :destroy]

  def index
    @users = User.all
    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @users }
    end
  end

  def show
    @user = User.find(params[:id])
    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @user }
    end
  end

  def new
    @user = User.new
    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @user }
    end
  end

  def edit
    # @user is set by the is_user filter
  end

  def create
    @user = User.new(params[:user])
    respond_to do |format|
      if @user.save
        flash[:notice] = 'Registration successful.'
        format.html { redirect_to(:controller => 'home', :action => 'tutorial') }
        format.xml  { render :xml => @user, :status => :created, :location => @user }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  def update
    # @user is set by the is_user filter
    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = 'Your profile was successfully updated.'
        format.html { redirect_to(:controller => 'home', :action => 'index') }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  def destroy
    @user = User.find(params[:id])
    @user.destroy
    respond_to do |format|
      format.html { redirect_to(users_url) }
      format.xml  { head :ok }
    end
  end

  def is_user
    if User.exists?(params[:id])
      @user = User.find(params[:id])
      if current_user.admin_flag == true
        flash[:notice] = 'Welcome Admin'
      end
      # only the owner of the record gets through; every other viewer is redirected
      if !current_user || current_user.id != @user.id
        flash[:notice] = 'You do not have access to that page'
        redirect_to(:controller => 'home', :action => 'index')
      end
    else
      flash[:notice] = 'You do not have access to that page'
      redirect_to(:controller => 'home', :action => 'index')
    end
  end
end
```
The file app/models/user.rb:
```ruby
class User < ActiveRecord::Base
  acts_as_authentic
end
```
I can confirm that the admin_flag is set correctly for the user, because the file app/views/layouts/application.html.erb contains:
```erb
<div id="admin">
  <% if current_user %>
    <% if current_user.admin_flag == true %> |
      <%= link_to "Users", users_path %>
    <% end %>
  <% end %>
</div>
```
When I log in as admin, the 'Users' link is displayed correctly.
The problem now is that I cannot get the show-all-users, edit-other-users, etc. functionality to work. As admin I can only show and modify the admin user, just like any other normal user, which also means I cannot change the username.
What could be wrong here?
When you add the boolean attribute admin to the user the proper way, Rails should add the question-mark method admin? to the user model. This is not essential, just convenient. On every method you want to protect, use a before_filter:
```ruby
class UsersController < ApplicationController
  before_filter :admin_user,   :only => :destroy
  before_filter :correct_user, :only => [:edit, :update]

  def destroy
  end
  ...

  private

  # only admins may reach destroy; the nil guard covers logged-out visitors
  def admin_user
    redirect_to(root_path) unless current_user && current_user.admin?
  end

  # the record's owner or an admin may edit/update it
  # (current_user?(user) is a helper that is true when user is the logged-in user)
  def correct_user
    @user = User.find(params[:id])
    redirect_to(root_path) unless current_user && (current_user?(@user) || current_user.admin?)
  end
end
```
In the view it is more convenient to use current_user.admin?:
```erb
<div id="admin">
  <% if current_user && current_user.admin? %>
    <%= link_to "Users", users_path %>
  <% end %>
</div>
```
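To make the difference between the two filters concrete, here is an added example (not code from the question or the answer) that models both authorization rules in plain Ruby, outside Rails, and runs them over the cases that matter: admin, owner, another user, logged-out visitor, missing record. The User struct, the sample records and the helper names are constructed stand-ins.

```ruby
# Constructed stand-in for the ActiveRecord User model (id, username, admin_flag).
User = Struct.new(:id, :username, :admin_flag)

# The rule the question's is_user filter actually enforces: the target record
# must exist AND the viewer must be that same user. The admin branch only sets a
# flash message, so an admin opening someone else's record is still redirected.
def original_is_user_allows?(current_user, target)
  return false if target.nil?
  # The posted filter reads current_user.admin_flag before its nil check, so a
  # logged-out visitor would actually raise NoMethodError there; modelled as deny.
  return false if current_user.nil?
  current_user.id == target.id
end

# The rule from the answer's correct_user filter: the owner of the record or
# any admin may proceed (admin? is assumed to mirror the admin_flag column).
def admin_or_owner?(current_user, target)
  return false if current_user.nil? || target.nil?
  current_user.id == target.id || current_user.admin_flag == true
end

# The answer's admin_user filter, which guards destroy.
def admin_only?(current_user)
  !current_user.nil? && current_user.admin_flag == true
end

# Constructed sample records.
ADMIN = User.new(1, "admin", true)
ALICE = User.new(2, "alice", false)
BOB   = User.new(3, "bob",   false)

# Evaluate both policies for each case; returns {label => {original:, fixed:}}.
def compare_policies
  cases = {
    "admin edits alice"           => [ADMIN, ALICE],
    "alice edits alice"           => [ALICE, ALICE],
    "bob edits alice"             => [BOB,   ALICE],
    "anonymous edits alice"       => [nil,   ALICE],
    "admin edits missing record"  => [ADMIN, nil],
  }
  cases.each_with_object({}) do |(label, (viewer, target)), out|
    out[label] = { original: original_is_user_allows?(viewer, target),
                   fixed:    admin_or_owner?(viewer, target) }
  end
end

compare_policies.each do |label, r|
  puts "#{label}: original=#{r[:original]} fixed=#{r[:fixed]}"
end
```

Only the "admin edits alice" row differs between the two policies, which is exactly the symptom in the question; every other case is denied or allowed identically by both.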