Devise / CanCanCan - 允许管理员创建新用户 [英] Devise/CanCanCan - Allow Admin To Create New Users

问题描述

我正在使用rails 4.0.2，devise和 cancancan 。我试图允许管理员创建新的用户。管理员用户在users表中分配了一个布尔字段。

在ability.rb中，我有以下内容：

 可以：管理，：所有如果user.admin？ 
  

遵循问题我创建了一个名为AdminsController的新控制器，它看起来像这样：

  class AdminsController< Devise :: RegistrationsController 
 def create 
 build_resource（sign_up_params）
如果resource.save 
 redirect_to admin_editors_path 
 else 
 clean_up_passwords资源
 respond_with resource 
 end 
 end 
 
 def new 
 build_resource（{}）
 end 
 end 
  / pre> 
 
 
我也尝试配置路由：
  devise_for：users，：skip => [：registration] 
 as：user do 
 get'user / admin'=> 'admins＃new'
 post'user / admin'=> 'admins＃create'
 get'users / edit'=> 'devise / registrations＃edit'，：as => ：edit_user_registration 
 post'users /'=> 'devise / registrations＃create'，：as => ：user_registration 
 get'users / cancel'=> 'devise / registrations＃cancel'，：as => ：cancel_user_registration 
 end 
  
在设计/注册/ edit.html我试图添加一个允许用户创建新用户的链接，如下所示：
 <％= link_to创建用户，user_admin_path％ > 
  
问题是该链接只是将我重定向到主页，其中包含消息
 
 
您已经登录。
 
 
我不是真的确定我在这里遇到什么，所以任何帮助将是非常感谢。 
解决方案
 Devise :: RegistrationsController中的 build_resource  a href =https://github.com/plataformatec/devise/blob/master/app/controllers/devise/registrations_controller.rb =nofollow> github ），
  def build_resource（hash = nil）
 self.resource = resource_class.new_with_session（hash || {}，session）
 end 
  
根据会话建立一个新的资源。会话中的用户（在这种情况下）是管理员并已登录。
 
 
 
您希望基于用户类的新用户实例创建一个新用户不是基于会话。
 
 
 
这样的东西应该可以工作。
  class AdminsController< ApplicationController 
 def new_user 
授权！ ：manage，User 
 @user = Users.new 
 end 
 def create_user 
 @user = User.new（allowed_pa​​rams.user）
授权！ ：manage，User 
 if @ user.save 
 #success 
 else 
 #error 
 end 
 
 end 
 end 
  
 routes.rb 
 code> getadmins / new_user=> admins＃new_user，作为：admins_new_user 
发布admins / create_user /：id=admins / create_user，作为：admins_create_user 
  
链接到新用户
 <％= link_to创建用户 ，admins_new_user_path％> 
  
表单
 <％= form_for（@user，：url => admins_create_user_path）do | f | ％GT; 
 #fields并提交
<％end％> 
  
 allowed_pa​​rams.user是PermittedParams类中的一种方法，可能对您来说很方便。 p> 
 
 
通过将current_user传递给该方法，您可以为不同的用户允许不同的参数。
 
 
 
 models / allowed_pa​​rams.rb 
 
 
 
  class PermittedParams< struct.new（：params，：current_user）
 def user 
 params.require（：user）.permit（* user_attributes）
 end 
 def user_attributes 
如果current_user .admin？ 
 [：name，：email，，password，：password_confirmation，：role，，admin] 
 else 
 [：name，：email，，remember_me，，password，，password_confirmation，] 
 end 
 end 
 end 
  
 
I'm using rails 4.0.2, devise and cancancan. I'm trying to allow an admin to create new users. Admin users are assigned with a boolean field in the users table.

In ability.rb I have the following:
can :manage, :all if user.admin?
Following some of the advise in this question I created a new controller called AdminsController and it looks like so:
class AdminsController < Devise::RegistrationsController
      def create
        build_resource(sign_up_params)
        if resource.save
          redirect_to admin_editors_path
        else
          clean_up_passwords resource
          respond_with resource
        end
      end

      def new
        build_resource({})
      end
end
I've tried to configure the routes as well:
  devise_for :users, :skip => [:registrations]
  as :user do
    get 'user/admin' => 'admins#new'
    post 'user/admin' => 'admins#create'
    get 'users/edit' => 'devise/registrations#edit', :as => :edit_user_registration
    post 'users/' => 'devise/registrations#create', :as => :user_registration
    get 'users/cancel' => 'devise/registrations#cancel', :as => :cancel_user_registration
  end
In devise/registrations/edit.html I'm trying to add a link to allow the user to create a new user like so:
<%= link_to "Create User", user_admin_path %>
The problem is that that link just redirects me to the home page with the message

  
You are already signed in.
I'm not really sure what I'm getting wrong here so any help at all would be much appreciated. 
解决方案
The build_resource method in the Devise::RegistrationsController( on github ),
def build_resource(hash=nil)
  self.resource = resource_class.new_with_session(hash || {}, session)
end
builds a new resource by based the session. The user in the session (in this case) are the admin and are signed in.

You want to create a new User based on a new user instance of the user class, not based on a session.

Something like this should work.
class AdminsController < ApplicationController
 def new_user
  authorize! :manage, User
   @user = Users.new
 end
 def create_user
    @user = User.new(permitted_params.user)
    authorize! :manage, User
    if @user.save
     #success
    else
     #error
    end

 end
end
routes.rb
get "admins/new_user" => "admins#new_user", as: :admins_new_user
post "admins/create_user/:id" = "admins/create_user", as: :admins_create_user
link to new user
<%= link_to "Create User", admins_new_user_path %>
Form
  <%= form_for(@user, :url => admins_create_user_path) do |f| %>
  #fields and submit
  <% end %>
permitted_params.user is a method in a PermittedParams class, and it might be handy for you.

By passing current_user into the method you can allow different parameter for different users.

models/permitted_params.rb
class PermittedParams < Struct.new(:params, :current_user)
  def user
    params.require(:user).permit(*user_attributes)
  end
  def user_attributes
    if current_user.admin?
      [:name, :email,:password, :password_confirmation, :role ,:admin]
    else
      [ :name, :email, :remember_me,:password, :password_confirmation, ]
    end
  end
end


                        
这篇关于Devise / CanCanCan  - 允许管理员创建新用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！