管理员更改用户的批准状态 - Rails + Devise + Cancancan [英] Admin Change Approval Status of User - Rails + Devise + Cancancan
问题描述
我遵循了这个link 以了解如何让管理员批准新用户.我的 User
模型上有一个 approved
属性,它是一个布尔值.
I followed this link to figure out how to have an admin approve a new user. I have an approved
attribute on my User
model that is a boolean.
2 问题 - 1) 当我以管理员身份登录并通过 link_to "Edit", edit_user_path(user)
转到编辑用户以更改已批准的用户时 - url 用于正确的用户,但随后更新操作尝试更新当前的管理员用户.
2 problems - 1) when I'm logged in as admin and go to the edit user via the link_to "Edit", edit_user_path(user)
to change approved user - the url is for the correct user but then the update action tries to update the current admin user.
2) 我希望覆盖所需的当前密码,因此我在 Registrations
控制器中放置了一个方法来执行以下操作,但出现此错误:
2) I would prefer to have the override of the needed current password so I've put a method in the Registrations
controller to do this below but get this error:
错误:用户的未知属性current_password".
因此它不会覆盖 current_password
并且不会更新正确的非管理员用户 -我哪里出错了?
So it won't override the current_password
and it won't update the correct non-admin user -
Where am I going wrong?
class Ability
include CanCan::Ability
def initialize(user)
current_user ||= User.new # guest user (not logged in)
if current_user.admin == true
can :manage, :all
else
can :manage, User, id: user.id
end
end
end
路线
Rails.application.routes.draw do
devise_for :users, controllers: { registrations: 'registrations' }
resources :users
end
控制器
class RegistrationsController < Devise::RegistrationsController
def update_resource(resource, params)
resource.update_without_password(params) if current_user.admin == true
end
end
推荐答案
我花了很多时间试图解决这个问题,但没有在网上找到任何明确的、端到端的完整示例,所以我把所有内容都放在下面因此,希望 RoR/Devise 的任何新用户都不会遇到相同的问题.
I spent a lot of time trying to solve this and didn't find any definitive, end-to-end complete examples online so I'm putting everything below so any new users to RoR/Devise hopefully won't have same problems.
假设 Devise
在 User
模型上.确保您的 Cancancan 已相应设置.类似的东西:
Assuming Devise
is on the User
model.
Ensure your Cancancan is setup accordingly. Something similar to this:
模型/能力.rb
class Ability
include CanCan::Ability
def initialize(user)
# Define abilities for the passed in user here. For example:
#
current_user ||= User.new # guest user (not logged in)
if current_user.admin
can :manage, :all
else
can :manage, User, id: user.id
end
end
end
按照这里
他提到有一个仅限管理员访问"的页面.如果有人不确定如何执行此操作:
He mentions have an 'admin-accessible only' page. In case someone's not sure how to do this:
class UsersController < ApplicationController
before_action :admin?, only: :index
def index
if params[:approved] == false
@users = User.where(approved: false)
else
@users = User.all
end
end
private
def admin?
redirect_to '/login' unless current_user.admin == true
end
end
替换这一行(我使用 .erb 而不是 .haml,因为他在链接中所做的)%td= link_to "Edit", edit_user_path(user)
用这个:<%= 用户批准 %>
Replace this line (I use .erb not .haml as he does in the link) %td= link_to "Edit", edit_user_path(user)
with this:
<%= User.approved %>
<td>
<% if !User.approved %>
<%= link_to "Approve User", user_path(:id => user.id, "user[approved]" => true), :method => :patch, class: "btn btn-success" %>
<% else %>
<%= link_to "Unapprove User", user_path(:id => user.id, "user[approved]" => false), :method => :patch, class: "btn btn-danger" %>
<% end %>
</td>
这实际上为您提供了一个按钮,单击该按钮将批准用户,反之亦然.困扰我好几天的关键是 a) 您必须确保您的表单(在这种情况下,link_to
命中用户控制器,而不是 RegistrationsController#update
> 方法.
This essentially gives you a button that when clicked, will approve the user and visa-versa. The key here that tripped me up for days is that a) You have to ensure that your form (in this case, the link_to
hits the Users controller and NOT the RegistrationsController#update
method.
我知道一些在线链接提供了创建Registrations
模型和更改路由、覆盖模型等的说明.
I know some online links gave instructions to create a Registrations
model and changing routes, overriding models, etc.
老实说,我的最终解决方案不需要任何这些.希望这会有所帮助!
Honestly, my final solution didn't need any of that. Hope this helps!
这篇关于管理员更改用户的批准状态 - Rails + Devise + Cancancan的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!