akh*_*ith 2 ruby-on-rails devise
用户只能在登录时进行编辑,但问题是任何登录的用户都可以编辑其他用户的内容.如何进行用户特定的编辑,只有当前用户只能编辑他们的内容?
class JobsController < ApplicationController
before_action :find_job, only: [:show, :edit, :update, :destroy]
before_action :authenticate_user!,except:[:index]
def show
end
def update
if @job.update(jobs_params)
redirect_to @job
else
render "Edit"
end
end
private
def jobs_params
params.require(:job).permit(:title, :description, :company, :url, :jobcategory_id)
end
def find_job
@job = Job.find(params[:id])
end
end
show.html.haml
- if user_signed_in?
= link_to "Back", root_path, class: "btn btn-sm btn-default"
= link_to "Edit", edit_job_path(@job), class: "btn btn-sm btn-default"
Gag*_*ami 14
您还没有关联Job用User.没有它你怎么能识别哪个Job被发布User?
对于联想Job与User
在user.rb中
has_many :jobs
在job.rb
belongs_to :user
然后将user_id列添加到Job表中,并添加user_id强参数.
要user_id在Job表格中添加列:
rails g migration AddUseridToJob user_id:integer
rake db:migrate
在您的模板中:jobs/_form.html.haml assignuser_id
= f.hidden_field :user_id , :value => current_user.id
当用户创建输入job数据时,它将与该特定关联.User因此,您可以识别和限制某些操作.
按照上述步骤试试这个:
- if (user_signed_in? && (current_user.id == @job.user_id))
= link_to "Edit", edit_job_path(@job), class: "btn btn-sm btn-default"
注意:
edit行动链接是否会被任何其他用户看不到.如果您不想让任何其他用户进行edit/ update/ deletejob并将它们重定向到索引页面,那么实现如下job_owner方法:
class JobsController < ApplicationController
before_action :find_job, only: [:show, :edit, :update, :destroy, :job_owner]
before_action :authenticate_user!,except:[:index]
before_action :job_owner, only: [:edit, :update, :destroy]
....
# add this method
def job_owner
unless @job.user_id == current_user.id
flash[:notice] = 'Access denied as you are not owner of this Job'
redirect_to jobs_path
end
end
....
end
| 归档时间: |
|
| 查看次数: |
3959 次 |
| 最近记录: |