堆棧內存溢出
  簡體   English   中英

2種設計模型(管理員和用戶)和cancan

[英]2 devise models (admin and user) and cancan

 原文  2015-03-30 18:34:54       ruby-on-rails/ devise/ cancan

問題描述

這是我的代碼,但仍然不允許我從某些原因創建個人資料。 我有2個模型,用戶和管理員。

我的控制器: 

class ProfilesController < ApplicationController
  before_action :set_profile, only: [:show, :edit, :update, :destroy]
  load_and_authorize_resource



  # GET /profiles
  # GET /profiles.json
  def index
    user = User.find(params[:user_id])
    @profiles = user.profiles

    respond_to do |format|
      format.html
      format.xml {render :xml => @profiles}
    end
  end

  # GET /profiles/1
  # GET /profiles/1.json
  def show
    user = User.find(params[:user_id])
    @profiles = user.profiles.find(params[:id])

    respond_to do |format|
      format.html
      format.xml {render :xml => @profile}
      end
  end

  # GET /profiles/new
  def new
    user = User.find(params[:user_id])
    @profile = user.profiles.build

    respond_to do |format|
      format.html
      format.xml {render :xml => @profile}
      end
  end

  # GET /profiles/1/edit
  def edit
    user = User.find(params[:user_id])
    @profiles = user.profiles.find(params[:id])
  end

  # POST /profiles
  # POST /profiles.json
  def create
    user = User.find(params[:user_id])
    @profile = user.profiles.create(profile_params)

    respond_to do |format|
      if @profile.save
        format.html { redirect_to user_profiles_url, notice: 'Profile was successfully created.' }
        format.json { render action: 'show', status: :created, location: @profile }
      else
        format.html { render action: 'new' }
        format.json { render json: @profile.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /profiles/1
  # PATCH/PUT /profiles/1.json
  def update
    user = User.find(params[:user_id])
    @profiles = user.profiles.find(params[:id])

    respond_to do |format|
      if @profile.update(profile_params)
        format.html { redirect_to user_profile_url, notice: 'Profile was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @profile.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /profiles/1
  # DELETE /profiles/1.json
  def destroy
    user = User.find(params[:user_id])
    @profiles = user.profiles.find(params[:id])

    @profile.destroy
    respond_to do |format|
      format.html { redirect_to job_hunters_path }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_profile
      @profile = Profile.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def profile_params
      params.require(:profile).permit(:user_id, :full_name, :phone_number, :email, :position, :years_of_experiance, :cover_letter, :resume, :reference)
    end
end

我的康康能力: 

class Ability
  include CanCan::Ability

  def initialize(user)

    user ||= User.new

    if user.is_a?(Admin)

      can :manage, :all 

    else user.is_a?(User)

      can :read, Profile do |profile|
      profile.try(:user) == user
      end
      can :update, Profile do |profile|
      profile.try(:user) == user
      end
      can :destroy, Profile do |profile|
      profile.try(:user) == user
      end
      can :create, Profile

    end
  end
end

我嘗試創建時出現的錯誤是:

ProfilesController#create中的ActiveModel :: ForbiddenAttributesError

3 個解決方案

解決方案1
 0  2015-03-30 18:39:38

嘗試跳過為控制器中的:create操作加載資源: 

class ProfilesController < ApplicationController
  before_action :set_profile, only: [:show, :edit, :update, :destroy]
  load_and_authorize_resource
  skip_load_resource :only => [:create]

#.....

解決方案2
 0  2015-03-30 18:41:43

您需要授予對新操作和創建操作的訪問權限。 因此,請按照給定的方式對其進行修改。 希望能幫助到你。 

 can [:new, :create], Profile

除此之外,請確保您已允許所有參數。 

def profile_params
   params.require(:profile).permit(:user_id, :full_name, :phone_number, :email, :position, :years_of_experiance, :cover_letter, :resume, :reference)
end

解決方案3
 0  2015-03-30 19:03:20

我設法解決它。 我使用您的skip_load_resource:only => [:create]並具有以下能力: 

class Ability
  include CanCan::Ability

  def initialize(user)

    if user.is_a?(Admin)

      can :manage, :all 

    elsif user.is_a?(User)

      can :read, Profile do |profile|
      profile.try(:user) == user
      end
      can :update, Profile do |profile|
      profile.try(:user) == user
      end
      can :destroy, Profile do |profile|
      profile.try(:user) == user
      end
      can :create, Profile

    else

      cannot :read
      cannot :destroy
      cannot :create

    end
  end
end

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 CanCan +為設計用戶模型設計 Devise + CanCan +不同的模型(角色) 設計/可以重定向管理員問題 Devise + CanCan:管理員管理用戶 Rails_Admin多個&#39;用戶&#39;模型+設計 CANCAN =&gt;管理員+代理+用戶 Devise和CanCan不能:銷毀用戶 使用Devise進行用戶自注冊和Cancan super_admin注冊用戶時出現錯誤“未初始化的常量注冊” 如何將CanCan與多種設計模型集成? Rails 4,Devise,CanCan和rails_admin問題?
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM