Rails 4设计强大的参数管理模型 [英] Rails 4 Devise Strong Parameters Admin Model
问题描述
class ApplicationController< ActionController :: Base
#通过引发异常来防止CSRF攻击。
#对于API,您可能需要使用:null_session。
protect_from_forgery with::exception
before_filter:configure_permitted_parameters,如果::devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up){| u | u.permit(:username,:email,:password,:password_confirmation,:remember_me)}
devise_parameter_sanitizer.for(:sign_in){| u | u.permit(:login,:password,:remember_me)}
end
end
如何将管理模型列入白名单?
devise_parameter_sanitizer.for(:sign_in){| a | a.permit(:login,:password,,remember_me)}
另外如何将管理员列入白名单sign_up,以便没有变量可以传递给它?我的猜测是
devise_parameter_sanitizer.for(:sign_up){| a | a.permit()}
更新
我想编辑我的问题。我的问题是如何让管理员模型自动黑名单我的管理员注册页面?如果我完全没有留下任何内容,那么我仍然可以通过admins / sign_up注册。当然可以删除app / models / admin.rb中的注册,但是我想拒绝命令行注册
- 使用范围视图并明确定义管理员和用户模型的每个视图是否明智? -
如果您有用户和管理员的单独控制器,请尝试以下操作:
def configure_permitted_parameters
如果params [:controller ] ==user
devise_parameter_sanitizer.for(:sign_up){| u | u.permit(:username,:email,:password,:password_confirmation,:remember_me)}
devise_parameter_sanitizer.for(:sign_in){| u | u.permit(:login,:password,,remember_me)}
else
devise_parameter_sanitizer.for(:sign_in){| a | a.permit(:login,:password,:remember_me)}
devise_parameter_sanitizer.for(:sign_up){| a | a.permit()}
并且还有另一种方法,只为两者创建一个控制器用户和管理员(命名为registrations_controller.rb)在您的用户表中有一个名为is_admin的字段,只有当他/她是管理员时才将其设置为用户。创建一个种子,使您的seed.rb文件中的管理员如下所示:
admin_user = User.new(email:abc @ xyz.com,密码:123,password_confirmation:123,is_admin:true)
admin_user.skip_confirmation!
admin_user.save
I have made a user and admin model using devise. I have used strong parameters in the app/controllers/application_controller.rb file
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :remember_me) }
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :password, :remember_me) }
end
end
How do I whitelist the admin model?
devise_parameter_sanitizer.for(:sign_in) { |a| a.permit(:login, :password, :remember_me) }
Also how do I whitelist the admin sign_up so that no variables may be passed into it? My guess is
devise_parameter_sanitizer.for(:sign_up) { |a| a.permit()}
UPDATE
I would like to edit my question.My question is how do I get the admin model to automatically blacklist my admin sign up page? If I simply leave nothing then I can still sign up through the "admins/sign_up". Sure I can delete the :regisitrations within the "app/models/admin.rb", but I would like to deny command line sign ups
--Would it be wise to use scoped views and specifically define each view for the admin and user models?--
If you have separate controllers for users and admins then try something like this:
def configure_permitted_parameters
if params[:controller] == "user"
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :remember_me) }
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :password, :remember_me) }
else
devise_parameter_sanitizer.for(:sign_in) { |a| a.permit(:login, :password, :remember_me) }
devise_parameter_sanitizer.for(:sign_up) { |a| a.permit()}
and there's another approach to it as well, create only one controller for both users and admin, named registrations_controller.rb, have a field in your users table named is_admin and set it for a user only if he/she is a admin. Create a seed to make your admins like this in your seeds.rb file:
admin_user = User.new(email: "abc@xyz.com", password: "123", password_confirmation: "123", is_admin: "true" )
admin_user.skip_confirmation!
admin_user.save
这篇关于Rails 4设计强大的参数管理模型的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
