Rails 4：如何禁用编辑、销毁等，

Question

我可以在 Rails 中禁用“Edit”和“Destory”吗？例如，如果我想为所有人禁用“Edit”，我在 test_controller.rb 中做什么显示？还是别的什么？我是 Rails 的新手，提前致谢！

  class BooksController < ApplicationController
  before_action :set_book, only: [:show, :edit, :update,:destroy ]

  # GET /books
  # GET /books.json
  def index
    @books = Book.all
  end

  # GET /books/1
  # GET /books/1.json
  def show
  end

  # GET /books/new
  def new
    @book = Book.new
  end

  # GET /books/1/edit
def edit
end

  # POST /books
  # POST /books.json

  def create
    @book = Book.new(book_params)

    respond_to do |format|
      if @book.save
        format.html { redirect_to @book, notice: 'Book was successfully created.' }
        format.json { render :show, status: :created, location: @book }
      else
        format.html { render :new }
        format.json { render json: @book.errors, status: :unprocessable_entity }
      end
    end
   end


  # PATCH/PUT /books/1
  # PATCH/PUT /books/1.json

  def update
    respond_to do |format|
      if @book.update(book_params)
        format.html { redirect_to @book, notice: 'Book was successfully updated.' }
        format.json { render :show, status: :ok, location: @book }
      else
        format.html { render :edit }
        format.json { render json: @book.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /books/1
  # DELETE /books/1.json
  def destroy
    @book.destroy
    respond_to do |format|
      format.html { redirect_to books_url, notice: 'Book was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_book
      @book = Book.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def book_params
      params.require(:book).permit(:name, :author, :price)
    end
end

---

`Rails.application.routes.draw do
  resources :books

  root :to => "home#index"
  get 'home/index'
end`

Answer 1

您可以限制安静的路由edit和destroy操作不可访问。

在你的 routes.rb 中，

resources :books, except: [:edit, :destroy]

请参阅：http : //guides.rubyonrails.org/routing.html#restricting-the-routes-created

编辑

如果你想保持 RESTful 路由（这样你就不必修改视图中的代码），你可以在控制器中使用 before_action 来重定向用户。

before_action :redirect_user, only: [:edit,:destroy]

def redirect_user
  redirect_to root_path
end

当您想根据某些条件限制对某些操作的访问时，通常会使用此方法。

例如，如果您只希望管理员编辑和删除书籍，您可以在其中设置条件redirect_user来检查当前用户是否为管理员并重定向非管理员用户。