Ruby-Rails如何仅允许当前用户编辑和删除他们创建的帖子
[英]Ruby-On-Rails How to allow only current user to edit and delete posts they have created
问题描述
I am making a blog application and when the user is viewing the post index view I want them to only edit and delete posts they have created. 
我正在制作一个博客应用程序,当用户查看帖子索引视图时,我希望他们仅编辑和删除他们创建的帖子。 I am getting the following error: 我收到以下错误:
undefined method `user_id' for nil:NilClass nil:NilClass的未定义方法`user_id'
views/posts/index.html views / posts / index.html
<td><% if current_user.id == @post.user_id %></td>
<td><%= link_to 'Edit', edit_post_path(@post) %></td>
<td><%= link_to 'Destroy', post, method: :delete, data: { confirm: 'Are you sure?' } %></td>
<% end %>
The above is my if statement that allows user to only edit and delete posts they have created. 上面是我的if语句,它允许用户仅编辑和删除他们创建的帖子。
create method in post_controller: 在post_controller中创建方法:
def create
@post = Post.new(post_params)
@post.user = current_user
respond_to do |format|
if @post.save
format.html { redirect_to @post, notice: 'Post was successfully created.' }
format.json { render :show, status: :created, location: @post }
else
format.html { render :new }
form
at.json { render json: @post.errors, status: :unprocessable_entity }
end
end
end
2 个解决方案
解决方案1
2 已采纳 2016-12-14 19:51:11
I do a before action filter for the edit, update and destroy action: 我为编辑,更新和销毁操作做一个动作前过滤器:
before_action :correct_user, only: [:edit, :update, :destroy]
def correct_user
@post = Post.find_by(id: params[:id]) // find the post
unless current_user?(@post.user)
redirect_to user_path(current_user)
end
end
current_user?(@post.user) this checks if the current_user and the @post.user that you defined when you create a new post are the same. current_user?(@post.user)检查current_user和创建新帖子时定义的@ post.user是否相同。
In my sessionHelper I have to methods for defining the current user: 在我的sessionHelper中,我必须具有定义当前用户的方法:
def current_user?(user)
user == current_user
end
def current_user
if(user_id = session[:user_id])
@current_user ||= User.find_by(id: user_id)
end
end
In your post view you have to add conditional code to render the edit and delete links only if the user is the correct one: 在您的帖子视图中,仅当用户正确时,您才需要添加条件代码以呈现编辑和删除链接:
<% if current_user?(post.user) %>
<%= link_to "Edit", edit_micropost_path(micropost) %>
<%= link_to "Delete", micropost, method: :delete, data: { confirm: "Do you want to delete this post ?"}%>
<% end %>
解决方案2
1 2016-12-14 19:37:23
you want to make sure that the if statement is out side of the TD tag 您要确保if语句不在TD标记之外
<% if current_user && current_user.id == @post.user_id %>
<td></td>
<td><%= link_to 'Edit', edit_post_path(@post) %></td>
<td><%= link_to 'Destroy', post, method: :delete, data: { confirm: 'Are you sure?' } %></td>
<% end %>
#Post Controller
class Post < ApplicationController
...
def show
@post = Post.find(params[:id])
end
...
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.