Ruby on Rails: allowing an admin to make other users admins

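I'm somewhat new to this, but I'm building a new web application with Rails. Most of what I have so far is based on railstutorial.org. I only have a few possible user "roles" (basic user, excom, and admin), so I'm just modeling them with a couple of boolean fields in the User model.

I want my admin users to be able to make other users admins or excom without having to resort to some full-blown user role modeling system.

I don't want admins to be able to modify other user data (name, email, etc.), and I certainly don't want to allow users to make themselves admins, so adding something like this to the users_controller update method seems both cumbersome and error-prone. But a whole new controller and routes also seems like overkill.

I just want an admin to be able to click a "Make user admin" button and have it work, but I'm not sure of the "right" way to implement that.

Edit:

The only exposure of admin at this point is checking whether the user is an admin before certain actions, i.e.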

def admin_user
    redirect_to(root_url) unless current_user.admin?
end

I guess what I'm looking for is how to define a route so that I can write the following method in users_controller and include it under admin_user

def make_admin
    @user = User.find(params[:id])
    @user.admin = true
    @user.save
    flash[:success] = "#{@user.name} is now an Admin"
end

and then be able to include the following in the appropriate view

<%= link_to "Make Admin", user_admin_path(user), method: :post,
                          data: { confirm: "You sure?" } %>


I think @widjayd's answer is correct. Does creating a custom route this way include the user id in the params?

You can create custom routes with custom methods for admin

In routes.rb, create two routes for new and admin

resources :users do
   collection {
     get :new_admin
     post :create_admin   # form_for on a new record submits with POST
   }
end

In user_controllers.rb, create 2 methods

  def new_admin
    @user = User.new
    # this depends on which system you use (devise/bcrypt/others)
  end

  def create_admin
    @user = User.new(user_params)
    @user.role = "Admin"
    # this depends on which system you use (devise/bcrypt/others)
  end

Create the view file in app/users/new_admin.html.erb

<%= form_for @user, url: create_admin_users_path do |f| %>
  <%# your fields: name, password, etc. %>
<% end %>

Here is the solution I came up with, inspired by @widjalayd

Create the following custom routes

post   '/users/:id/make_admin', to: 'users#make_admin', as: :make_admin
delete '/users/:id/remove_admin', to: 'users#remove_admin', as: :remove_admin
post   '/users/:id/make_excom', to: 'users#make_excom', as: :make_excom
delete '/users/:id/remove_excom', to: 'users#remove_excom', as: :remove_excom

Create the corresponding methods in the users_controller, making sure these methods are in the admin_user before_action

def make_admin
    @user = User.find(params[:id])
    @user.admin = true
    @user.save
    flash[:success] = "#{@user.name} is now an Admin"
    redirect_to users_url
end

def remove_admin
    @user = User.find(params[:id])
    @user.admin = false
    @user.save
    flash[:success] = "#{@user.name} is no longer an Admin"
    redirect_to users_url
end

def make_excom
    @user = User.find(params[:id])
    @user.excom = true
    @user.save
    flash[:success] = "#{@user.name} is now an Executive Committee Member"
    redirect_to users_url
end

def remove_excom
    @user = User.find(params[:id])
    @user.excom = false
    @user.save
    flash[:success] = "#{@user.name} is no longer an Executive Committee Member"
    redirect_to users_url
end

Then, in the partial that displays users on the index page

<li>
    <%= gravatar_for user, size: 50 %>
    <%= link_to user.name, user %>
    <% if current_user.admin? && !current_user?(user) %>
        |
        <%= link_to "Delete", user, method: :delete,
                                      data: { confirm: "You sure?" } %>
        |
        <% if user.admin? %>
            <%= link_to "Remove Admin", remove_admin_path(user), method: :delete,
                                        data: { confirm: "You sure?" } %>
        <% else %>
            <%= link_to "Make Admin", make_admin_path(user), method: :post,
                                      data: { confirm: "You sure?" } %>
        <% end %>
        |
        <% if user.excom? %>
            <%= link_to "Remove Excom", remove_excom_path(user), method: :delete,
                                        data: { confirm: "You sure?" } %>
        <% else %>
            <%= link_to "Make Excom", make_excom_path(user), method: :post,
                                      data: { confirm: "You sure?" } %>
        <% end %>
    <% end %>
</li>

Edit:


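This is probably pushing the limits of "good/maintainable" code and "the Rails way", which is why I asked the question. But since this works, and takes far less time than learning and setting up a full role system (like Devise), I'll stick with it for now. If I need to make any major changes, then I'll probably switch to Devise.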

Can you post your code as it is right now? This is correct, but the idea is to make an existing user an admin, not to create a new user.

test "admins should be able to make and remove new admins" do
    log_in_as(@user)
    post make_admin_path(@other_user)
    assert @other_user.reload.admin?
    delete remove_admin_path(@other_user)
    assert_not @other_user.reload.admin?
end

test "non admins can't make or remove admins" do
    log_in_as(@other_user)
    delete remove_admin_path(@user)
    assert @user.reload.admin?
    post make_admin_path(@another_user)
    assert_not @another_user.reload.admin?
end

test "admins should be able to make and remove executive committee" do
    log_in_as(@user)
    post make_excom_path(@another_user)
    assert @another_user.reload.excom?
    delete remove_excom_path(@another_user)
    assert_not @another_user.reload.excom?
end

test "non admins can't make or remove executive committee" do
    log_in_as(@another_user)
    post make_excom_path(@user)
    assert_not @user.reload.excom?
    delete remove_excom_path(@other_user)
    assert @other_user.reload.excom?
end
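
The four role actions above depend on the admin_user before_action, while the rule that an admin cannot change their own roles appears only in the index partial. As an added example (not part of the original posts), the same checks gathered in one server-side place, in plain Ruby: `User` is a Struct standing in for the model, and `RoleChange`, `ROLES` and `audit_log` are hypothetical names.

```ruby
# Added example, not from the original posts. User is a plain Struct standing
# in for the ActiveRecord model; RoleChange and ROLES are hypothetical names.
User = Struct.new(:id, :name, :admin, :excom, keyword_init: true)

class RoleChange
  ROLES  = %w[admin excom].freeze          # allowlist of writable flags
  Result = Struct.new(:ok, :reason)

  attr_reader :audit_log

  def initialize(users)
    @users = users                         # stands in for the users table
    @audit_log = []
  end

  # actor: current_user, target_id: params[:id], role: name taken from the route
  def call(actor:, target_id:, role:, grant:)
    return deny("admin required") unless actor&.admin
    return deny("unknown role")   unless ROLES.include?(role.to_s)
    target = @users.find { |u| u.id == target_id.to_i }
    return deny("no such user")   unless target
    # The index partial hides these links for the current user, but a request
    # can be sent without the view, so the same rule is enforced here.
    return deny("cannot change own roles") if target.id == actor.id

    flag = (grant == true)
    target[role.to_s] = flag               # only the allowlisted flag is written
    @audit_log << { actor: actor.id, target: target.id, role: role.to_s, grant: flag }
    Result.new(true, nil)
  end

  private

  def deny(reason)
    Result.new(false, reason)
  end
end

# Constructed sample data
alice = User.new(id: 1, name: "Alice", admin: true,  excom: false)
bob   = User.new(id: 2, name: "Bob",   admin: false, excom: false)
svc   = RoleChange.new([alice, bob])
puts svc.call(actor: bob,   target_id: 1, role: "admin", grant: false).reason
puts svc.call(actor: alice, target_id: 1, role: "admin", grant: false).reason
puts svc.call(actor: alice, target_id: 2, role: "name",  grant: true).reason
puts svc.call(actor: alice, target_id: 2, role: "excom", grant: true).ok
```

In a Rails controller the four actions could delegate to one such object, with the audit entries written to a table or log rather than an in-memory array.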