用设计打造专用配置文件 [英] Using Devise to create private profiles

问题描述

我目前正在创建使用设计的宝石私人用户配置文件。到目前为止，我有注册，登录，注销和编辑配置文件功能的工作。问题是，当他一个用户登录可以通过键入到URL的用户/ [用户名]看到所有其他用户。我是比较新的轨道，所以我还是搞清楚如何与会话的工作。

I am currently trying to create private user profiles using the Devise gem. So far I have the sign up, login, sign out and edit profile functionality working. The problem is that when a user signs in he is able to see all other users by typing into the url users/[username]. I am relatively new to rails so I am still figuring out how to work with sessions.

所以quesiton是我如何限制用户对特定于其他用户网站的部分访问？更妙的是，这是很容易与设计宝石呢？

So the quesiton is how do I limit a user's access to parts of a site that are specific to other users? And even better, is this easily done with the Devise gem?

在换句话说，如果我的标志是用户john。我应该能看到网站/用户/约翰（这是我的个人资料），但无法看到网站/用户/格雷格。

In other words if i sign is as user john. I should be able to see the site /users/john (which is my profile) but not see the site /user/greg.

感谢

推荐答案

设计将无法做到这一点，但惨惨会，正如有人提及。惨惨可能对初学者有点沉重只是做你正在尝试做的。所有你需要做的就是添加，检查用户是谁一个的before_filter。

Devise will not do this, but CanCan will, as someone mentioned. CanCan may be a little heavy for a beginner just to do what you are trying to do. All you need to do is add a before_filter that checks who the user is.

例如：

class UserProfilesController < ApplicationController

  before_filter :verify_owner

  def show
    @user_profile = current_user.user_profile
    # or maybe this way, not sure how you have your relations set up
    # @user_profile = UserProfile.where(:user => current_user)
  end

private

  def verify_owner
    # assume the route looks like this  /user/:username
    redirect_to root_url unless current_user.username == params[:username]
  end    

end

这篇关于用设计打造专用配置文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！