
rails 3 admin edit another user

I want an admin user to be able to edit another user. How can I do this?

There is a User model with a string attribute named role, which can be one of 3 things: "admin", "developer", "client". I want an admin to be able to change developers' and clients' info. Admins can't see each other, so this won't be a problem.

user.rb

class User < ActiveRecord::Base
  attr_accessible :email, :name, :password, :password_confirmation, :role, :company_id, :boss_id, :company
  belongs_to :company
  validates_inclusion_of :role, :in => ["admin", "developer", "client"], presence: true
end

index.html.erb

<table class="pretty" border="1" cellpadding="10">  
  <tr>
    <th></th>
    <th><%= sortable "name" %></th>
    <th><%= sortable "email" %></th>
    <th><%= sortable("name", "Company") %></th>
    <th></th>
    <th></th>
  </tr>  

  <% for user in @users %>  
  <tr class="<%= cycle('oddrow', 'evenrow') -%>">
    <td><%= gravatar_for user %></td>
    <td><%= link_to user.name, user %></td>
    <td><%= user.email %></td>
    <td><%= user.company.name unless user.company_id.blank? %></td>
    <td><% if (current_user.role == "admin") || ( ( (current_user.role == "developer") && !current_user?(user) ) && (user.boss_id == current_user.id) ) %>
        <%= link_to "delete", user, method: :delete,
                              data: { confirm: "You sure?" } %>
        <% end %></td>
    <td><% if (current_user.role == "admin") %>
        <%= link_to "reset password", user, method: :update %>   ###this is where admin will edit another user
        <% end %></td>
  </tr>
  <% end %>
</table>

With this code, when I click "reset password", it says:

Routing Error

No route matches [POST] "/users/1"

EDIT: config/routes.rb

SampleApp::Application.routes.draw do

  #get "confs/new"

  resources :users
  resources :sessions, only: [:new, :create, :destroy]
  resources :companies

  root   to: 'sessions#new'

  match '/home' , to: 'static_pages#home'

  match '/help' ,  to: 'static_pages#help'

  match '/about' ,  to: 'static_pages#about'

  match '/contact' , to: 'static_pages#contact'

  match '/buttons' , to: 'static_pages#buttons'

  match '/signup' , to: 'users#newuser'

  match '/signin' , to: 'sessions#new'

  match '/signout', to: 'sessions#destroy' , via: :delete

  match '/developers', to: 'users#developers'

  match '/clients', to: 'users#clients'

  match '/downloads', to: 'confs#downloads'

  match '/new_company', to: 'companies#new'

  match '/resellers', to: 'companies#resellers'

  match '/companies_own', to: 'companies#owns'

  match '/conf_new', to: 'confs#new'

  match '/conf_show_all', to: 'confs#index'

  match '/conf_show_own', to: 'confs#own'

  match '/conf_show', to: 'confs#show'

  resources :confs do
    member do
      get :download
    end
  end
end

EDIT 2: rake routes | grep user

users     GET     /users(.:format)              users#index
          POST    /users(.:format)              users#create
new_user  GET     /users/new(.:format)          users#new
edit_user GET     /users/:id/edit(.:format)     users#edit
     user GET     /users/:id(.:format)          users#show
          PUT     /users/:id(.:format)          users#update
          DELETE  /users/:id(.:format)          users#destroy
   signup         /signup(.:format)             users#newuser
developers        /developers(.:format)         users#developers
  clients         /clients(.:format)            users#clients

EDIT3: users_controller.rb

class UsersController < ApplicationController
  before_filter  :signed_in_user, only:[:index, :edit, :update, :destroy]
  before_filter  :correct_user,   only:[:edit, :update]
  before_filter  :admin_user,     only:[:edit, :destroy]

  def show
    @user = User.find(params[:id])
  end

  def newuser
    @user = User.new
  end

  def create
    @user = User.new(user_params)

     if @user.save
        #sign_in @user
        flash[:success] = "Welcome to the ManusWeb!"
          redirect_to @user
     else
          render 'newuser'
     end
  end

  helper_method :sort_column, :sort_direction
  def index
    @users = User.where(:role => "client").
                  search(params[:search]).
                  order(sort_column + ' ' + sort_direction).
                  paginate(:per_page => 10, :page => params[:page])
  end

  def developers
    @users = User.where(:role => "developer").
                  search(params[:search]).
                  order(sort_column + ' ' + sort_direction).
                  paginate(:per_page => 10, :page => params[:page])
  end

  def clients
    @users = User.where(:boss_id => codevelopers.map(&:id)).
                  search(params[:search]).
                  order(sort_column + ' ' + sort_direction).
                  paginate(:per_page => 10, :page => params[:page])
  end

  def codevelopers
    @users = User.where(:company_id => current_user.company_id)
  end

  def edit

  end


  def update

    if @user.update_attributes(user_params)
      # Handle a successful update.
      flash[:success] = "Profile updated"
      sign_in @user
      redirect_to @user

    else
      render 'edit'
    end
  end

  def destroy
    User.find(params[:id]).destroy
    flash[:success] = "User deleted"
    redirect_to users_url
  end

  def client
    current_user.role == "client"
  end


  private

  def signed_in_user
    unless signed_in?
      store_location
      redirect_to signin_url, notice: "Please sign in"    
    end
  end


  def correct_user
    @user = User.find(params[:id])  
    redirect_to root_url, notice: "You are not authorized to request this page"  unless current_user?(@user)

  end

  def admin_user
    redirect_to(root_path) unless (current_user.role == "admin")
  end

  def sort_column
    (( User.column_names.include?(params[:sort]) ) || ( Company.column_names.include?(params[:sort]) )) ? params[:sort] : "name"
  end

  def sort_direction
    %w[asc desc].include?(params[:direction]) ? params[:direction] : "asc"
  end

  def user_params
    params.require(:user).permit( :email, :name, :password, :password_confirmation, :role, :company_id, :boss_id ) if params[:user]
  end

end

Change the 'reset password' link to the following:

<%= link_to "reset password", edit_user_path(user) %>

Change the correct_user method to the following:

def correct_user
    @user = User.find(params[:id])  
    redirect_to root_url, notice: "You are not authorized to request this page"  unless current_user.role == "admin" or current_user?(@user)
end
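Added example (not code from the question or this answer): a plain-Ruby model of the edit and delete checks, so the rule "admin, or the account owner" from the revised correct_user filter, and the delete condition from index.html.erb, can be tested without booting Rails. `User` is a constructed stand-in for the page's ActiveRecord model, and the restriction that an admin may not touch another admin account is an assumption added here, in line with the question's "an admin can change developers' and clients' info". One thing to keep in view when opening update to admins: the page's update action calls `sign_in @user` after saving, so an admin who updates another user would be signed in as that user; the model below covers only the authorization decision.

```ruby
# Constructed stand-in for the User model on the page (id, role, boss_id).
User = Struct.new(:id, :role, :boss_id)

# Same rule as the suggested correct_user filter: an admin, or the owner of
# the account, may edit. Extra restriction (assumption): no admin-on-admin edits.
def can_edit?(current_user, target)
  return false if current_user.nil? || target.nil?
  return true if current_user.id == target.id
  current_user.role == "admin" && target.role != "admin"
end

# Same rule as the delete link in index.html.erb: admins may delete, a developer
# may delete only users whose boss_id is the developer's own id, and never
# themselves. Admin-on-admin is excluded here by the same assumption as above.
def can_delete?(current_user, target)
  return false if current_user.nil? || target.nil? || current_user.id == target.id
  case current_user.role
  when "admin"     then target.role != "admin"
  when "developer" then target.boss_id == current_user.id
  else false
  end
end

# What a before_filter would decide: :ok lets the action run, :redirect sends
# the caller back to root with the notice text used on the page.
def authorize(action, current_user, target)
  allowed = action == :destroy ? can_delete?(current_user, target) : can_edit?(current_user, target)
  allowed ? [:ok, nil] : [:redirect, "You are not authorized to request this page"]
end

# Constructed sample accounts: the client's boss is the developer with id 2.
ADMIN     = User.new(1, "admin", nil)
DEVELOPER = User.new(2, "developer", nil)
CLIENT    = User.new(3, "client", 2)
OTHER_DEV = User.new(4, "developer", nil)

if __FILE__ == $PROGRAM_NAME
  [[ADMIN, DEVELOPER], [DEVELOPER, CLIENT], [CLIENT, DEVELOPER], [OTHER_DEV, CLIENT]].each do |actor, target|
    puts "#{actor.role}(#{actor.id}) edit user #{target.id}:    #{authorize(:edit, actor, target).first}"
    puts "#{actor.role}(#{actor.id}) destroy user #{target.id}: #{authorize(:destroy, actor, target).first}"
  end
end
```

Because the decision lives in one function that takes the actor and the target, the same check can guard edit, update and destroy, which avoids the gap in the question's controller where admin_user runs on edit but not on update.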

:role in attr_accessible is bad.

In UsersController:

before_filter :accessible, only: [:create, :update]

private
def accessible
  @user.accessible << :role if can? :assign_role, @user # or use your condition
end

In User model:

attr_writer :accessible

def accessible
  @accessible ||= []
end

private

  def mass_assignment_authorizer(arg)
    super + accessible
  end
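Added example (not this answer's code): a plain-Ruby model of the rule this answer describes, where role is left out of the attr_accessible list and only added for callers allowed to assign roles, so the privilege-escalation case can be checked without Rails. The question's user_params permits :role for every caller, which is the path this answer closes. `can_assign_role?` stands in for the answer's `can? :assign_role, @user` and simply allows admins; the `User` struct and the sample parameters are constructed.

```ruby
require "set"

# Attributes every caller may mass-assign (the page's list minus :role).
BASE_ACCESSIBLE = %i[email name password password_confirmation company_id boss_id].freeze
# Same allowed values as validates_inclusion_of on the page.
ROLES = %w[admin developer client].freeze

# Constructed stand-in for the User model.
User = Struct.new(:id, :name, :role)

# Stand-in for `can? :assign_role, @user` (assumption: only admins may).
def can_assign_role?(actor)
  !actor.nil? && actor.role == "admin"
end

# Equivalent of attr_accessible plus the dynamic mass_assignment_authorizer:
# returns the attributes this request may assign and the keys that were dropped.
def sanitize_for_mass_assignment(actor, raw_params)
  allowed = Set.new(BASE_ACCESSIBLE)
  allowed << :role if can_assign_role?(actor)
  permitted = {}
  dropped   = []
  raw_params.each do |key, value|
    sym = key.to_sym
    if allowed.include?(sym)
      permitted[sym] = value
    else
      dropped << sym
    end
  end
  [permitted, dropped]
end

# Applies the sanitized attributes to the target; an unknown role is rejected,
# mirroring the inclusion validation on the page.
def apply_update(actor, target, raw_params)
  permitted, dropped = sanitize_for_mass_assignment(actor, raw_params)
  if permitted.key?(:role) && !ROLES.include?(permitted[:role])
    raise ArgumentError, "role must be one of #{ROLES.join(', ')}"
  end
  permitted.each { |attr, value| target[attr] = value if target.members.include?(attr) }
  [target, dropped]
end

if __FILE__ == $PROGRAM_NAME
  client = User.new(3, "Cara", "client")
  admin  = User.new(1, "Ada", "admin")
  # A client submitting role=admin in the form keeps their role; the key is dropped.
  updated, dropped = apply_update(client, client.dup, { "name" => "Cara X", "role" => "admin" })
  puts "client self-update: role=#{updated.role}, dropped=#{dropped.inspect}"
  # An admin may promote a client to developer.
  updated, dropped = apply_update(admin, client.dup, { "role" => "developer" })
  puts "admin update:      role=#{updated.role}, dropped=#{dropped.inspect}"
end
```

The important property is that the decision is made per request from the actor's role, not from the form contents: the hidden or tampered `role` field never reaches the model unless the current user is one who may set it.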

Run rake routes and find the helper URL for editing a user. I think the link tag should be

<%= link_to 'Reset Password', edit_user_path(user) %>

I am sure the link_to should be _path_url

<%= link_to "reset password", edit_user_path(user)%>
