Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/ruby-on-rails/65.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Ruby on rails 把某些路线固定在轨道上_Ruby On Rails - Fatal编程技术网
Fatal编程技术网

Ruby on rails 把某些路线固定在轨道上

ruby-on-rails

Ruby on rails 把某些路线固定在轨道上,ruby-on-rails,Ruby On Rails,我的路由文件中有以下内容: devise_for :users, :controllers => { :registrations => "users/registrations", :sessions => "users/sessions", :omniauth_callbacks => "users/omniauth_callbacks" } devise_scope :user do get 'sign_in', :to => 'users/sessio

我的路由文件中有以下内容:

devise_for :users,  :controllers => { :registrations => "users/registrations",
:sessions => "users/sessions",
:omniauth_callbacks => "users/omniauth_callbacks" }
devise_scope :user do
  get 'sign_in', :to => 'users/sessions#new', :as => :new_user_session
  get 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session
end
现在我补充说:

resources :users
因为我希望管理员用户能够看到所有用户

在坎坎我有这样一个:

class Ability
  include CanCan::Ability

  def initialize(user)
    if user
      if user.admin?
        can :manage, :all
      end
      can [:read, :edit, :update], User, :id => user.id
    end
    can [:create], User
  end
end
这足够安全吗?我是否应该在UserController中添加一个before_过滤器来阻止对新创建路由的调用?像这样的?问题是用户不能再更改自己的个人资料了

before_filter :check_rights

private
  def check_rights
    unless current_user.admin
      redirect_to root_path
    end
  end
找到了解决办法。before_过滤器完全正确

我补充说

resources :users
在设计部分之前,您需要将其放在该部分之后,然后用户仍然可以更改自己的配置文件,但不能进入索引