Rails用户配置文件页面仅可用于更正用户 [英] Rails user profile page only accessible to correct user
本文介绍了Rails用户配置文件页面仅可用于更正用户的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
users_controller.rb
class UsersController< ApplicationController
def show
@user = User.find(params [:id])
end
end
routes.rb
devise_for:users
资源:用户,只有:[:show]
获取'users / show'
显示视图...
< div类=家页内容>
<%= @ user.id%>
< h1> Users#show< / h1>
< p>在app / views / users / show.html.erb中找到我< / p>
< / div>
解决方案
帮助检测current_user是正确的。
class UsersController< ApplicationController
before_action:check_user
private
def check_user
如果current_user!= @user
redirect_to root_url,alert: 对不起,这个资料属于别人!
end
end
end
I am using devise for the authentication. Right now, I'm setting up user profiles. I have everything set up, except each page is accessible for everyone (so you can see profiles without being logged in). How do I make it so that only the correct user can see their own profile page?
users_controller.rb
class UsersController < ApplicationController
def show
@user = User.find(params[:id])
end
end
routes.rb
devise_for :users
resources :users, only: [:show]
get 'users/show'
show view...
<div class="home-page-content">
<%= @user.id %>
<h1>Users#show</h1>
<p>Find me in app/views/users/show.html.erb</p>
</div>
解决方案
This one should help to detect current_user is correct.
class UsersController < ApplicationController
before_action :check_user
private
def check_user
if current_user != @user
redirect_to root_url, alert: "Sorry, This Profile belongs to someone else !"
end
end
end
这篇关于Rails用户配置文件页面仅可用于更正用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文