[英]2 devise models (admin and user) and cancan
這是我的代碼,但仍然不允許我從某些原因創建個人資料。 我有2個模型,用戶和管理員。
我的控制器:
class ProfilesController < ApplicationController
before_action :set_profile, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource
# GET /profiles
# GET /profiles.json
def index
user = User.find(params[:user_id])
@profiles = user.profiles
respond_to do |format|
format.html
format.xml {render :xml => @profiles}
end
end
# GET /profiles/1
# GET /profiles/1.json
def show
user = User.find(params[:user_id])
@profiles = user.profiles.find(params[:id])
respond_to do |format|
format.html
format.xml {render :xml => @profile}
end
end
# GET /profiles/new
def new
user = User.find(params[:user_id])
@profile = user.profiles.build
respond_to do |format|
format.html
format.xml {render :xml => @profile}
end
end
# GET /profiles/1/edit
def edit
user = User.find(params[:user_id])
@profiles = user.profiles.find(params[:id])
end
# POST /profiles
# POST /profiles.json
def create
user = User.find(params[:user_id])
@profile = user.profiles.create(profile_params)
respond_to do |format|
if @profile.save
format.html { redirect_to user_profiles_url, notice: 'Profile was successfully created.' }
format.json { render action: 'show', status: :created, location: @profile }
else
format.html { render action: 'new' }
format.json { render json: @profile.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /profiles/1
# PATCH/PUT /profiles/1.json
def update
user = User.find(params[:user_id])
@profiles = user.profiles.find(params[:id])
respond_to do |format|
if @profile.update(profile_params)
format.html { redirect_to user_profile_url, notice: 'Profile was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: @profile.errors, status: :unprocessable_entity }
end
end
end
# DELETE /profiles/1
# DELETE /profiles/1.json
def destroy
user = User.find(params[:user_id])
@profiles = user.profiles.find(params[:id])
@profile.destroy
respond_to do |format|
format.html { redirect_to job_hunters_path }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_profile
@profile = Profile.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def profile_params
params.require(:profile).permit(:user_id, :full_name, :phone_number, :email, :position, :years_of_experiance, :cover_letter, :resume, :reference)
end
end
我的康康能力:
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
if user.is_a?(Admin)
can :manage, :all
else user.is_a?(User)
can :read, Profile do |profile|
profile.try(:user) == user
end
can :update, Profile do |profile|
profile.try(:user) == user
end
can :destroy, Profile do |profile|
profile.try(:user) == user
end
can :create, Profile
end
end
end
我嘗試創建時出現的錯誤是:
ProfilesController#create中的ActiveModel :: ForbiddenAttributesError
嘗試跳過為控制器中的:create操作加載資源:
class ProfilesController < ApplicationController
before_action :set_profile, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource
skip_load_resource :only => [:create]
#.....
您需要授予對新操作和創建操作的訪問權限。 因此,請按照給定的方式對其進行修改。 希望能幫助到你。
can [:new, :create], Profile
除此之外,請確保您已允許所有參數。
def profile_params
params.require(:profile).permit(:user_id, :full_name, :phone_number, :email, :position, :years_of_experiance, :cover_letter, :resume, :reference)
end
我設法解決它。 我使用您的skip_load_resource:only => [:create]並具有以下能力:
class Ability
include CanCan::Ability
def initialize(user)
if user.is_a?(Admin)
can :manage, :all
elsif user.is_a?(User)
can :read, Profile do |profile|
profile.try(:user) == user
end
can :update, Profile do |profile|
profile.try(:user) == user
end
can :destroy, Profile do |profile|
profile.try(:user) == user
end
can :create, Profile
else
cannot :read
cannot :destroy
cannot :create
end
end
end
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.