Rails应用程序中项目/微博的CRUD所有权 [英] CRUD Ownership of Items/Microposts in Rails App

问题描述

我有一个简单的Rails应用程序，用户可以在其中创建项目，但是在列出所有项目的主索引页面上，每个项目旁边都有显示，编辑和删除链接。我了解这是由于我使用脚手架来完成项目，但是我想确保人们只能编辑他们创建的项目。目前，这种逻辑有点超出我的理解范围，就像我之前说过的那样，对于Rails来说是全新的。

I have a simple rails app where users can create 'items', but on the master index page that lists all the items, there are 'Show, Edit, and Delete' links next to each 'item'. I understand that this is due to the fact that I used scaffolding to accomplish the items, but I'd like to make sure that people can only edit the ones that they created. This logic is a little above my head at the moment, as, like I've said before, am totally new to rails.

用户控制器：

class UsersController < ApplicationController
  def show
    @user = User.find_by_username(params[:id])
  end
  def index
    @user = User.find(:all)
  end
end

主项目视图：

<div class="well">
  <h1>All Items</h1>
    <table>
  <tr>
    <th>Title</th>
    <th>Details</th>
    <th>Inquire</th>
    <th></th>
    <th></th>
    <th></th>
  </tr>
<% @items.each do |item| %>
  <tr>
    <td><%= link_to item.title, item_path(item) %></td>
    <td><%= item.content %></td>
    <td><%= mail_to item.email, "Inquire", :cc => "michaelomchenry@gmail.com",
                 :subject => "OverFlow Inquiry Regarding " + item.title %></td>
    <td><%= link_to 'Show', item %></td>
    <td><%= link_to 'Edit', edit_item_path(item) %></td>
    <td><%= link_to 'Destroy', item, confirm: 'Are you sure?', method: :delete %></td>
  </tr>
<% end %>
  </table>

<br />
<%= link_to 'New Item', new_item_path %>
</div>

项目模型：

class Item < ActiveRecord::Base
  attr_accessible :content, :user_id, :title
  validates :content, :length => { :maximum => 140 }
  belongs_to :user
  delegate :email, to: :user
end

推荐答案

那里有很多东西。首先，为了能够根据用户过滤项目（或操作），您需要知道当时登录的用户，从而使用户能够登录。例如，可以使用 Devise （Rails的授权瑰宝）来完成此操作。 Devise被广泛使用并且有据可查。

There is a lot of stuff there. First of all, to be able to filter the items (or the actions) based on the user, you need to know who is logged at the time, and so enable users to login. This could be done for example using Devise, an authorization gem for Rails. Devise is largely used and well documented.

一旦设置了Devise，就可以检查用户是否已登录（例如，使用 before_filter ），然后Devise将创建一个 current_user变量供您使用（在 Devise教程）。然后，您可以使用它来过滤项目列表，例如：

Once Devise is setup, you can check whether the user is logged (for example using a before_filter), and Devise will create a "current_user" variable for you to use (this is shown in Devise tutorial). You can then use it to filter your item lists with something like :

editable_items = current_user.items

，然后在视图上使用editable_items。我建议您去阅读Devise教程，因为您正在做的是一个非常普通且有据可查的任务。

And then use the editable_items on your view. I would advise you to go read the Devise tutorial as what you are doing is a quite common and well documented task.

这篇关于Rails应用程序中项目/微博的CRUD所有权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！