在Rails路线中访问current_user
[英]Accessing current_user in Rails route
问题描述
Please forgive me... I know there are other posts with a similar title but I have not seen my question so... 
请原谅我...我知道还有其他标题相似的帖子,但是我没有看到我的问题,所以...
I am trying to create a url mysite.com/myusername/profile and I was wondering how to create the route for that. 我正在尝试创建一个URL mysite.com/myusername/profile,我想知道如何为此创建路由。 At the moment, the url for user#profile is just that, mysite.com/user/profile, but I want to make it something more specific like say each user has a username like JohnnySmith the URL would be mysite.com/JohnnySmith/profile. 目前,user#profile的URL就是mysite.com/user/profile,但我想让它更具体一些,例如说每个用户都有一个像JohnnySmith这样的用户名,URL就是mysite.com/JohnnySmith/轮廓。 I was thinking something like 我在想类似
get "/#{current_user.username}", to: "user#profile", as: user_profile
but I know this isn't correct. 但我知道这是不正确的。
I should mention that, too, that it is not possible for just anyone to access mysite.com/JohnnySmith/profile.... the current user would have to be JohnnySmith. 我还要提到的是,不可能只有任何人可以访问mysite.com/JohnnySmith/profile ....当前用户必须是JohnnySmith。
Can someone help? 有人可以帮忙吗? Thanks. 谢谢。
2 个解决方案
解决方案1
1 2016-01-28 06:29:06
If you want to pass a parameter in a route, it should be 如果要在路由中传递参数,则应为
get "/:username/profile", to: "user#profile", as: user_profile
Please take a look at http://guides.rubyonrails.org/routing.html#naming-routes 请查看http://guides.rubyonrails.org/routing.html#naming-routes
Then you can use params[:username] in your controller to validate the user like 然后,您可以在控制器中使用params[:username]来验证用户身份,例如
if current_user.username != params[:username]
# redirect to error page
Or you can use cancancan gem to do this. 或者,您可以使用cancancan gem来执行此操作。
解决方案2
0 2016-01-28 13:41:22
You need to use friendly_id with CanCanCan for authorization. 您需要对CanCanCan使用friendly_id进行授权。
Essentially, what you're trying to do is allow Rails to process usernames through the params. 本质上,您要尝试的是允许Rails通过参数处理用户名。 This can be done without friendly_id , but is somewhat hacky. 这可以在没有friendly_id情况下完成,但是有点hacky。
Using the friendly_id gem will allow you to use the following: 使用friendly_id gem将允许您使用以下内容:
#Gemfile
gem "friendly_id"
$ rails generate friendly_id
$ rails generate scaffold user name:string slug:string:uniq
$ rake db:migrate
#app/models/user.rb
class User < ActiveRecord::Base
extend FriendlyID
friendly_id :username, use: [:finders, :slugged]
end
You'd then be able to use: 然后,您可以使用:
#config/routes.rb
resources :users, path: "", only: [] do
get :profile, action: :show, on: :member #-> url.com/:id/profile
end
#app/controllers/users_controller.rb
class UsersController < ApplicationController
def show
@user = User.find params[:id]
end
end
This will automatically translate params[:id] into the slug attribute for the User model: 这将自动将params[:id]转换为User模型的slug属性:
<%= link_to "Profile", user_profile_path(current_user) %>
# -> url.com/:current_user_name/profile
-- -
The next stage to this is authorization . 下一步是授权 。
Using CanCanCan should make it so that only the current_user can view their profile: 使用CanCanCan应该做到这一点,以便只有current_user可以查看其个人资料:
#Gemfile
gem "cancancan"
#app/models/ability.rb
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
can :read, User, id: user.id
end
end
You can then use load_and_authorize_resource in your users controller: 然后,可以在users控制器中使用load_and_authorize_resource :
#app/controllers/users_controller.rb
class UsersController < ApplicationController
load_and_authorize_resource
def show
end
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.