轨道,设计。禁止用户操作,除非AdminUser [英] Rails, Devise. Disallow User actions unless AdminUser
问题描述
我使用Devise创建的用户模型,使用 type:string 属性和 AdminUser 模型( AdminUser< ;
在应用程序控制器中,我定义了:require_admin 方法:
def require_admin
除非current_user == AdminUser
flash [:error] =您不是管理员
redirect_to store_index_path
end
end
在产品控制器上我设置
before_action:require_admin除了:show
现在我通过控制台成功创建了一个AdminUser(使用AdminUser id),当我登录应用程序时,我仍然无法使用这些操作(创建,编辑等)。
任何想法?
使用
current_user == AdminUser
你检查是否铜rrent_user object 等于 AdminUser 类。
你想要的是检查 current_user 的类是 AdminUser :
current_user.class == AdminUser/ pre>
#或
current_user.is_a?(AdminUser)
#或
current_user (AdminUser)
#或
current_user.instance_of?(AdminUser)
#或
AdminUser === current_user
I have User model created with Devise, with type:string attribute and a AdminUser model (
AdminUser < User).In application controller I defined the :require_admin method:
def require_admin unless current_user == AdminUser flash[:error] = "You are not an admin" redirect_to store_index_path end endOn products controller I set
before_action :require_admin, except: :showNow I create an AdminUser via console successfully (with AdminUser id) and when I log in the app, I still can not use those actions (create, edit etc.).
Any ideas?
解决方案With
current_user == AdminUseryou check whether
current_userobject is equal to theAdminUserclass.What you want instead is to check whether
current_user's class isAdminUser:current_user.class == AdminUser # or current_user.is_a?(AdminUser) # or current_user.kind_of?(AdminUser) # or current_user.instance_of?(AdminUser) # or AdminUser === current_user
这篇关于轨道,设计。禁止用户操作,除非AdminUser的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
