如何只允许Admin(或某些用户)编辑Rails中的页面?
[英]How to allow only Admin (or some user) to edit the pages in Rails?
问题描述
I have a scaffold Finances and I just realized that it can be edited by any logged in user by going to /finances/1/edit 
我有一个脚手架财务,我刚刚意识到它可以由任何登录用户编辑,进入/财务/ 1 /编辑
I have installed activ_admin gem but I don't think it is what I need. 我已经安装了activ_admin gem,但我不认为这是我需要的。 How to make sure other than admin (or may be some users) no one can edit finances resource type- I 如何确保除管理员(或可能是某些用户)之外没有人可以编辑财务资源类型 - 我
EDIT - I found https://github.com/EppO/rolify , is this best option or I still can do something better as it may be overkill ? 编辑 - 我发现https://github.com/EppO/rolify ,这是最好的选择还是我仍然可以做得更好,因为它可能有点矫枉过正?
EDIT 1 - I went through this https://github.com/EppO/rolify/wiki/Tutorial and have assigned role "admin" to user = User.find(1), everything went well upto "ability.can? :manage, :all" in console, which shows TRUE for user 1 and false for other users. 编辑1 - 我浏览了这个https://github.com/EppO/rolify/wiki/Tutorial并为user = User.find(1)分配了角色“admin”,一切顺利到“ability.can ?: manage ,:all“在控制台中,对用户1显示为TRUE,对其他用户显示为false。 Now I am not able to figure out what to do ? 现在我无法弄清楚该怎么办? I can still see all users being able to edit the page even though I have added "resourcify" in the finance.rb model. 即使我在finance.rb模型中添加了“resourcify”,我仍然可以看到所有用户都能够编辑页面。 Any help ? 有帮助吗?
3 个解决方案
解决方案1
3 2013-04-17 05:46:55
I'm not sure how your models are set up, but lets say your User model has an admin column, you can do the following: 我不确定您的模型是如何设置的,但是假设您的User模型有一个管理列,您可以执行以下操作:
FinancesController < ApplicationController
before_filter :must_be_admin, only: :edit
def edit
...
end
private
def must_be_admin
unless current_user && current_user.admin?
redirect_to root_path, notice: "Some message"
end
end
end
You can add any actions needed to the before filter, eg before_filter :must_be_admin, only: [:edit, :destroy] 您可以添加前过滤器所需的任何操作,例如before_filter :must_be_admin, only: [:edit, :destroy]
解决方案2
3 已采纳 2013-04-17 05:47:12
Well, I personally use rolify for my project and love it.. but to be honest this is super easy to achieve by simply adding a column "admin" to your User model and having it default to false. 好吧,我个人对我的项目使用rolify并且喜欢它..但说实话,只需在你的用户模型中添加一个“admin”列并将其默认为false就可以轻松实现。 When you want a user to be an admin update the attribute to true and then require the User.admin==true to access the finances edit action... You can do this by redirecting the non-admin user from the controller (within the finances edit action) 当您希望用户成为管理员时,将该属性更新为true,然后要求User.admin == true访问财务编辑操作...您可以通过从控制器重定向非管理员用户(在财务编辑行动)
By the way if you're using devise for auth check out Devise before_filter authenticate_admin? 顺便说一句,如果你正在使用devise for auth检查出Devise before_filter authenticate_admin?
解决方案3
2 2013-04-17 05:44:44
If you're looking to add sensible user authorization without rolling your own solution, definitely check out CanCan . 如果您希望在不推出自己的解决方案的情况下添加合理的用户授权,请务必查看CanCan 。 Also helpful is this screencast by its author, Ryan Bates. 这个截屏作者Ryan Bates也很有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.