Ruby on rails rails\u admin在控制器中设置当前用户
我有一个事件模型:Ruby on rails rails\u admin在控制器中设置当前用户,ruby-on-rails,rails-admin,Ruby On Rails,Rails Admin,我有一个事件模型: class Event < ActiveRecord::Base belongs_to :author, class_name: 'User' end 在rails_admin中,当我创建一个新事件时,我不想在表单中显示author_id字段。我想在控制器中设置作者,如下所示: @e=Event.new(params) @e.author_id=current_user.id @e.save 可以在rails_admin中完成吗 我在官方wiki中发现了这一点,
class Event < ActiveRecord::Base
belongs_to :author, class_name: 'User'
end
在rails_admin中,当我创建一个新事件时,我不想在表单中显示author_id字段。我想在控制器中设置作者,如下所示:
@e=Event.new(params)
@e.author_id=current_user.id
@e.save
可以在rails_admin中完成吗
我在官方wiki中发现了这一点,但我不想使用cancan功能,也不想在表单中设置author_id字段和隐藏字段,因为这对安全性很危险,事实上,POST请求可以用自定义author_id覆盖。
我希望在控制器中简单地分配作者id。
有可能吗?我在rails\u admin中没有找到干净的方法来实现这一点。这里有一个悬而未决的问题: 这可能不是最佳选项,但您可以在创建操作中覆盖全局逻辑。看看它是如何工作的: 有一个
register\u instance\u选项:controller
块。这意味着您可以通过配置传递此选项。更多信息请点击此处:
因此,如果您确实需要它,您可以编辑/config/initializers/rails\u admin.rb
:
RailsAdmin.config do |config|
config.actions do
dashboard # mandatory
index # mandatory
new do
controller do
proc do
if request.get? # NEW
@object = @abstract_model.new
@authorization_adapter && @authorization_adapter.attributes_for(:new, @abstract_model).each do |name, value|
@object.send("#{name}=", value)
end
if object_params = params[@abstract_model.to_param]
@object.set_attributes(@object.attributes.merge(object_params))
end
respond_to do |format|
format.html { render @action.template_name }
format.js { render @action.template_name, layout: false }
end
elsif request.post? # CREATE
@modified_assoc = []
@object = @abstract_model.new
satisfy_strong_params!
sanitize_params_for!(request.xhr? ? :modal : :create)
@object.set_attributes(params[@abstract_model.param_key])
@authorization_adapter && @authorization_adapter.attributes_for(:create, @abstract_model).each do |name, value|
@object.send("#{name}=", value)
end
# customization
if @object.class == Event
# do whatever you want
end
if @object.save
@auditing_adapter && @auditing_adapter.create_object(@object, @abstract_model, _current_user)
respond_to do |format|
format.html { redirect_to_on_success }
format.js { render json: {id: @object.id.to_s, label: @model_config.with(object: @object).object_label} }
end
else
handle_save_error
end
end
end
end
end
export
bulk_delete
show
edit
delete
show_in_app
end
end
pereleguine今天用他两年前的评论救了我一命。谢谢,谢谢 我必须做一次修改,删除参数!这又是一个相当粗糙的问题,但它是有效的:
RailsAdmin.config do |config|
config.actions do
dashboard # mandatory
index # mandatory
new do
controller do
proc do
if request.get? # NEW
@object = @abstract_model.new
@authorization_adapter && @authorization_adapter.attributes_for(:new, @abstract_model).each do |name, value|
@object.send("#{name}=", value)
end
if object_params = params[@abstract_model.to_param]
@object.set_attributes(@object.attributes.merge(object_params))
end
respond_to do |format|
format.html { render @action.template_name }
format.js { render @action.template_name, layout: false }
end
elsif request.post? # CREATE
@modified_assoc = []
@object = @abstract_model.new
satisfy_strong_params!
sanitize_params_for!(request.xhr? ? :modal : :create)
@object.set_attributes(params[@abstract_model.param_key])
@authorization_adapter && @authorization_adapter.attributes_for(:create, @abstract_model).each do |name, value|
@object.send("#{name}=", value)
end
# customization
if @object.class == Event
# do whatever you want
end
if @object.save
@auditing_adapter && @auditing_adapter.create_object(@object, @abstract_model, _current_user)
respond_to do |format|
format.html { redirect_to_on_success }
format.js { render json: {id: @object.id.to_s, label: @model_config.with(object: @object).object_label} }
end
else
handle_save_error
end
end
end
end
end
export
bulk_delete
show
edit
delete
show_in_app
end
结束很高兴知道这是一个选项,但当只需要覆盖一个控制器的一个操作时,必须覆盖整个默认控制器似乎真的很麻烦。这肯定可以在RA中更好地实施。不过,感谢您提供的信息。@Chrisbloom7完全同意。令人烦恼的是,如果您需要调整默认的CRUD操作,这仍然是最好的解决方案。在我的例子中,有一些密码字段在提交时可以为空。将
nil
/空字符串发送到我的后端会导致验证问题,因为通常不会发送参数。我必须修改此操作以过滤掉空密码字段。
RailsAdmin.config do |config|
config.actions do
dashboard # mandatory
index # mandatory
new do
controller do
proc do
if request.get? # NEW
@object = @abstract_model.new
@authorization_adapter && @authorization_adapter.attributes_for(:new, @abstract_model).each do |name, value|
@object.send("#{name}=", value)
end
if object_params = params[@abstract_model.to_param]
@object.set_attributes(@object.attributes.merge(object_params))
end
respond_to do |format|
format.html { render @action.template_name }
format.js { render @action.template_name, layout: false }
end
elsif request.post? # CREATE
@modified_assoc = []
@object = @abstract_model.new
satisfy_strong_params!
sanitize_params_for!(request.xhr? ? :modal : :create)
@object.set_attributes(params[@abstract_model.param_key])
@authorization_adapter && @authorization_adapter.attributes_for(:create, @abstract_model).each do |name, value|
@object.send("#{name}=", value)
end
# customization
if @object.class == Event
# do whatever you want
end
if @object.save
@auditing_adapter && @auditing_adapter.create_object(@object, @abstract_model, _current_user)
respond_to do |format|
format.html { redirect_to_on_success }
format.js { render json: {id: @object.id.to_s, label: @model_config.with(object: @object).object_label} }
end
else
handle_save_error
end
end
end
end
end
export
bulk_delete
show
edit
delete
show_in_app
end