我正在使用Devise,我希望只允许管理员创建新用户。 我已经回顾了这个答案,但它看起来已经过时了。 我已经尝试了很多可能的答案,但没有任何效果。 我正在寻找一些详细的答案,因为我还是一个新手。
管理员在users表中标有布尔值我试图保持最小化。
I'm using Devise and I want allow Only Admins to create new users. I've already reviewed This answer but it looks outdated. I've tried so many possible answer but nothing worked. I'm looking for a bit detailed answer as I'm still a newbie.
Admins are labeled with Boolean value in the users table I'm trying to keep things minimal.
最满意答案
你可以实现这么多种方式。 我过去所做的是显示\隐藏视图中的链接和检查控制器中的用户的组合。 我假设您有一个表单,其中包含您将提交给用户控制器的用户详细信息。
我在下面的一个应用程序中包含了一个控制器。
我要做的第一件事是检查用户是否经过身份验证(我们使用谷歌进行此操作,但如果你已经设置了设计,则不需要这个,并且可能已经有了自己的身份验证)。 如果您已登录,Devise将创建current_user对象,其中应包含您的“role”属性。 在标准用户创建中,您可以检查当前的user.role,如果current_user.role不是1,则只需重定向(我假设1表示管理员)。
class UsersController < ApplicationController # Set the user record before each action before_action :set_user, only: [:show, :edit, :update, :destroy] # User must authenticate to use all actions in the users controller before_filter :authenticate_user! def create if current_user.role = 1 then @user = User.new(user_params) @user.password = Devise.friendly_token[0,20] respond_to do |format| if @user.save format.html { redirect_to @user, notice: 'User was successfully created.' } format.json { render action: 'show', status: :created, location: @user } else format.html { render action: 'new' } format.json { render json: @user.errors, status: :unprocessable_entity } end end else format.html { redirect_to @user, notice: 'You do not have sufficient rights to set up a new user.' } end end private # Use callbacks to share common setup or constraints between actions. def set_user @user = User.find(params[:id]) rescue ActiveRecord::RecordNotFound flash[:notice] = "User record does not exist" redirect_to users_url end endYou could achieve this numerous ways. What I have done in the past is a combination of showing\hiding the links in the views and checking the user in the controller. I've assumed you have a form with the user details that you will submit to the user controller.
I've included a controller from one app I worked on below.
The first thing I do is to check to see if the user is authenticated (we use google for this but if you have set up devise you won't need this and probably have your own authentication in place). Devise will have created the current_user object if you have logged in which should include your "role" attribute. In the standard user create you can check the current user.role and simply redirect if the current_user.role is not 1 (I assumed 1 means admin).
class UsersController < ApplicationController # Set the user record before each action before_action :set_user, only: [:show, :edit, :update, :destroy] # User must authenticate to use all actions in the users controller before_filter :authenticate_user! def create if current_user.role = 1 then @user = User.new(user_params) @user.password = Devise.friendly_token[0,20] respond_to do |format| if @user.save format.html { redirect_to @user, notice: 'User was successfully created.' } format.json { render action: 'show', status: :created, location: @user } else format.html { render action: 'new' } format.json { render json: @user.errors, status: :unprocessable_entity } end end else format.html { redirect_to @user, notice: 'You do not have sufficient rights to set up a new user.' } end end private # Use callbacks to share common setup or constraints between actions. def set_user @user = User.find(params[:id]) rescue ActiveRecord::RecordNotFound flash[:notice] = "User record does not exist" redirect_to users_url end end更多推荐
发布评论