Ruby on rails Rais应用程序用户特定索引将显示给所有用户
我制作了一个用于管理个人图书馆(书籍和漫画)的应用程序,它运行得很好,但它开始向所有用户(新的或现有的)显示给定用户介绍的所有书籍(似乎显示整个数据库);但我已经设计并实施了权威认证,到目前为止,它一直在保护用户信息。。。。需要一些帮助来解决这个问题。 代码如下,但如果需要更多,请大声喊叫。 提前谢谢 Book_controller.rb book.rbRuby on rails Rais应用程序用户特定索引将显示给所有用户,ruby-on-rails,devise,pundit,Ruby On Rails,Devise,Pundit,我制作了一个用于管理个人图书馆(书籍和漫画)的应用程序,它运行得很好,但它开始向所有用户(新的或现有的)显示给定用户介绍的所有书籍(似乎显示整个数据库);但我已经设计并实施了权威认证,到目前为止,它一直在保护用户信息。。。。需要一些帮助来解决这个问题。 代码如下,但如果需要更多,请大声喊叫。 提前谢谢 Book_controller.rb book.rb classbook
classbook csv重新分配@books实例变量时,上一个作用域将丢失。试试这样的东西:
@books=policy\u范围(Book).order(:title)
@books=@books.search_by_full_name(params[:term]),如果params[:term]。是否存在?
回应待办事项|格式|
format.html{@books=@books.paginate(page:params[:page]))
format.csv{send_data@books.to_csv}
结束
您正在多次覆盖@books
变量,而不是执行一些链接
@books=policy\u范围(Book)
@books=@books.search_by_full_name(params[:term]),如果params[:term]。是否存在?
@books=@books.order(:title)
回应。。。
结束
解决了它。。。我没有在每本书的视图/索引中应用当前用户。。。这样,每个用户都有自己的图书数据库,但当呈现索引时,它显示每个人的图书,不管是哪个用户创建的。。。大多数情况下都很简单:P您在哪里筛选登录用户?这只是获取了我假定的所有内容@books=Book.paginate(page:params[:page])
class BooksController < ApplicationController
before_action :authenticate_user!
def index
unless params[:term].present?
@books = policy_scope(Book)
else
@books = policy_scope(Book)
@books = Book.search_by_full_name(params[:term])
end
@books = Book.order(:title)
respond_to do |format|
format.html
format.csv { send_data @books.to_csv }
format.xls # { send_data @products.to_csv(col_sep: "\t") }
end
@books = Book.paginate(page: params[:page])
end
def show
@book = Book.find(params[:id])
authorize @book
end
def new
@user = User.find(params[:user_id])
@book = Book.new
authorize @book
end
def create
@user = User.find(params[:user_id])
@book = Book.new(book_params)
@book.user = @user
authorize @book
if @book.save
redirect_to user_books_path
flash[:notice] = 'Success. Your book was added to the Library'
else
render "new"
flash[:notice] = 'Book not created. Please try again'
end
end
def edit
@user = User.find(params[:user_id])
@book = Book.find(params[:id])
authorize @book
end
def update
@book = Book.find(params[:id])
@book.update(book_params)
authorize @book
redirect_to user_book_path
end
def destroy
@book = Book.find(params[:id])
@book.destroy
authorize @book
redirect_to user_books_path
end
private
def book_params
params.require(:book).permit(:title, :author, :photo, :comments)
end
end
class BookPolicy < ApplicationPolicy
class Scope < Scope
def resolve
scope.where(user: user)
end
def index?
record.user == user
end
def show?
true
end
def new?
true
end
def create?
true
end
def edit?
true
end
def update?
true
end
def destroy?
record.user == user
end
end
end
class ApplicationPolicy
attr_reader :user, :record
def initialize(user, record)
@user = user
@record = record
end
def index?
false
end
def show?
true
end
def create?
true
end
def new?
create?
end
def update?
true
end
def edit?
update?
end
def destroy?
true
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
scope.all
end
end
end
class Book < ApplicationRecord
belongs_to :user
has_many :loans
has_one_attached :photo
validates :title, presence: true
validates :author, presence: true
include PgSearch::Model
pg_search_scope :search_by_full_name, against: [:title, :author],
using: {
tsearch: {
prefix: true
}
}
def self.to_csv(options = {})
CSV.generate(options) do |csv|
csv << column_names
all.each do |book|
csv << book.attributes.values_at(*column_names)
end
end
end
self.per_page = 12
end
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable
after_create :send_welcome_email
has_many :books
has_many :comics
has_many :wishlists
has_many :loans, through: :books
has_one_attached :photo
private
def send_welcome_email
UserMailer.with(user: self).welcome.deliver_now
end
end