How do I let users only edit/delete their own items? Ruby on Rails

I need someone's expertise: I'm having a really hard time trying to let users only edit or delete the items (ads) they created.

Currently I have it so that anyone who is logged in can edit/delete etc. I had some code that tried to do the above, but I hit too many errors and ended up reverting to the last working build.

index.html.erb

<p id="notice"><%= notice %></p>
<div id="itemsContainer">

  <% @items.each do |item| %>
    <div class="itemhols">
      <%= link_to image_tag(item.image_url, size: '200x200', class: "itemholsIm"), item %>
      <h1><%= item.city_country %></h1>
      <p><%= item.title %></p>
      <p>Price per night <%= number_to_currency(item.Price, unit: "€") %></p>
      <p>
        <%= link_to 'Show', item %>
        <% if user_signed_in? %>
          <%= link_to 'Edit', edit_item_path(item) %>
          <%= link_to 'Destroy', item, method: :delete, data: { confirm: 'Are you sure?' } %>
        <% end %>
        <a href="/cart/<%= item.id %>" class="button">Add To Cart</a>
      </p>
    </div>
  <% end %>
</div>

<% if user_signed_in? %>
  <%= link_to 'Rent a Home', new_item_path, class: "button", role: "button" %>
<% end %>

items_controller.rb

class ItemsController < ApplicationController
  before_action :set_item, only: [:show, :edit, :update, :destroy]

  # GET /items
  # GET /items.json
  def index
    @items = Item.all
  end

  # GET /items/1
  # GET /items/1.json
  def show
  end

  # GET /items/new
  def new
    @item = Item.new
  end

  # GET /items/1/edit
  def edit
  end

  # POST /items
  # POST /items.json
  def create
    @item = Item.new(item_params)

    respond_to do |format|
      if @item.save
        format.html { redirect_to @item, notice: 'Item was successfully created.' }
        format.json { render :show, status: :created, location: @item }
      else
        format.html { render :new }
        format.json { render json: @item.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /items/1
  # PATCH/PUT /items/1.json
  def update
    respond_to do |format|
      if @item.update(item_params)
        format.html { redirect_to @item, notice: 'Item was successfully updated.' }
        format.json { render :show, status: :ok, location: @item }
      else
        format.html { render :edit }
        format.json { render json: @item.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /items/1
  # DELETE /items/1.json
  def destroy
    @item.destroy
    respond_to do |format|
      format.html { redirect_to items_url, notice: 'Item was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_item
    @item = Item.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def item_params
    params.require(:item).permit(:city_country, :title, :image_url, :Price)
  end
end

Any help or guidance would be much appreciated :)

This is called resource authorization.

Given the following declarations:

class User
  has_many :items
end

class Item
  belongs_to :user
end

Let's first associate the item with the user at creation time:

def create
  @item = current_user.items.new(item_params)
  # ...
end

Then let's set up a before_action on :update, :edit and :destroy that checks whether the item belongs to the current user and redirects the user if they are not authorized:

class ItemsController < ApplicationController
  # Devise's helper is authenticate_user! (with the bang); it sends
  # logged-out visitors to the sign-in page.
  before_action :authenticate_user!, except: [:show, :index]
  before_action :set_item, only: [:show, :edit, :update, :destroy]
  before_action :authorize_item, only: [:update, :edit, :destroy]
  # ...

  private

  # ...
  def authorize_item
    unless @item.user == current_user
      # redirect_to only takes :notice and :alert as shorthand; any other
      # flash key has to be passed through the :flash option.
      redirect_to items_path, flash: { error: 'You are not authorized' }
    end
  end
end

Of course, you really don't need to reinvent the wheel here. Use the Pundit or CanCanCan gem.
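The same ownership rule written as a Pundit-style policy, as an added example that is not part of the answer above: Pundit policies are plain Ruby objects built from (user, record), so this runs without Rails or the gem. `User` and `Item` are constructed stand-ins for the models on this page, and `authorize` is a hypothetical stand-in for Pundit's controller helper.

```ruby
# Constructed stand-ins for the ActiveRecord models; equality is by value.
User = Struct.new(:id, :email)
Item = Struct.new(:id, :title, :user)

class NotAuthorizedError < StandardError; end

class ItemPolicy
  def initialize(user, record)
    @user = user      # current_user; nil for a logged-out visitor
    @record = record  # the Item being acted on
  end

  # index and show are public on the page, so anyone may list or view.
  def index?; true; end
  def show?;  true; end

  # Any signed-in user may create an item ("Rent a Home").
  def create?
    !@user.nil?
  end

  # Only the owner may edit, update or destroy. Being signed in is not
  # enough: that is all the question's view checks, which is the bug.
  def update?
    !@user.nil? && @record.user == @user
  end
  alias edit?    update?
  alias destroy? update?

  # Narrows a collection to the caller's own items (e.g. a "my ads" page).
  class Scope
    def initialize(user, scope)
      @user, @scope = user, scope
    end

    def resolve
      @user ? @scope.select { |item| item.user == @user } : []
    end
  end
end

# Hypothetical stand-in for Pundit's authorize: raise rather than
# silently continue when the policy says no.
def authorize(user, record, query)
  policy = ItemPolicy.new(user, record)
  raise NotAuthorizedError, "not allowed to #{query} this item" unless policy.public_send(query)
  record
end
```

In a real controller you would call this from the action (or a before_action) so that the edit, update and destroy paths cannot be reached by merely being logged in.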
