用设计打造专用配置文件 [英] Using Devise to create private profiles
问题描述
我目前正在创建使用设计的宝石私人用户配置文件。到目前为止,我有注册,登录,注销和编辑配置文件功能的工作。问题是,当他一个用户登录可以通过键入到URL的用户/ [用户名]看到所有其他用户。我是比较新的轨道,所以我还是搞清楚如何与会话的工作。
I am currently trying to create private user profiles using the Devise gem. So far I have the sign up, login, sign out and edit profile functionality working. The problem is that when a user signs in he is able to see all other users by typing into the url users/[username]. I am relatively new to rails so I am still figuring out how to work with sessions.
所以quesiton是我如何限制用户对特定于其他用户网站的部分访问?更妙的是,这是很容易与设计宝石呢?
So the quesiton is how do I limit a user's access to parts of a site that are specific to other users? And even better, is this easily done with the Devise gem?
在换句话说,如果我的标志是用户john。我应该能看到网站/用户/约翰(这是我的个人资料),但无法看到网站/用户/格雷格。
In other words if i sign is as user john. I should be able to see the site /users/john (which is my profile) but not see the site /user/greg.
感谢
推荐答案
设计将无法做到这一点,但惨惨会,正如有人提及。惨惨可能对初学者有点沉重只是做你正在尝试做的。所有你需要做的就是添加,检查用户是谁一个的before_filter。
Devise will not do this, but CanCan will, as someone mentioned. CanCan may be a little heavy for a beginner just to do what you are trying to do. All you need to do is add a before_filter that checks who the user is.
例如:
class UserProfilesController < ApplicationController
before_filter :verify_owner
def show
@user_profile = current_user.user_profile
# or maybe this way, not sure how you have your relations set up
# @user_profile = UserProfile.where(:user => current_user)
end
private
def verify_owner
# assume the route looks like this /user/:username
redirect_to root_url unless current_user.username == params[:username]
end
end
这篇关于用设计打造专用配置文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!