Ruby on rails 把某些路线固定在轨道上
我的路由文件中有以下内容:Ruby on rails 把某些路线固定在轨道上,ruby-on-rails,Ruby On Rails,我的路由文件中有以下内容: devise_for :users, :controllers => { :registrations => "users/registrations", :sessions => "users/sessions", :omniauth_callbacks => "users/omniauth_callbacks" } devise_scope :user do get 'sign_in', :to => 'users/sessio
devise_for :users, :controllers => { :registrations => "users/registrations",
:sessions => "users/sessions",
:omniauth_callbacks => "users/omniauth_callbacks" }
devise_scope :user do
get 'sign_in', :to => 'users/sessions#new', :as => :new_user_session
get 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session
end
现在我补充说:
resources :users
因为我希望管理员用户能够看到所有用户
在坎坎我有这样一个:
class Ability
include CanCan::Ability
def initialize(user)
if user
if user.admin?
can :manage, :all
end
can [:read, :edit, :update], User, :id => user.id
end
can [:create], User
end
end
这足够安全吗?我是否应该在UserController中添加一个before_过滤器来阻止对新创建路由的调用?像这样的?问题是用户不能再更改自己的个人资料了
before_filter :check_rights
private
def check_rights
unless current_user.admin
redirect_to root_path
end
end
找到了解决办法。before_过滤器完全正确 我补充说
resources :users
在设计部分之前,您需要将其放在该部分之后,然后用户仍然可以更改自己的配置文件,但不能进入索引