设计:限制管理员的操作
按照此处的指南,我使用迁移向我的数据库添加了一个布尔属性:
rails generate migration add_admin_to_user admin:boolean
我已通过 Rails 控制台将我的帐户配置为管理员 (admin = 1)。我有一个控制器,我想限制仅管理员对某些操作(新建、编辑、创建和销毁)的访问。
我还将拥有普通用户,我只想限制管理员仅在此控制器中访问这些操作。目前,我正在使用以下代码:
before_filter :authenticate_user!, :only => [:new, :edit, :create, :destroy]
这限制了注册用户的访问 - 我如何更进一步并需要管理员?
Following the guide here, I added a boolean attribute to my database using a migration:
rails generate migration add_admin_to_user admin:boolean
I've configured my account to be an admin (admin = 1) via Rails console. I have a controller that I want to restrict access to certain actions (new, edit, create, and destroy) for administrators only.
I'll also have normal users, I just want to restrict access to these actions for admins only in this controller. Currently, I'm using the code:
before_filter :authenticate_user!, :only => [:new, :edit, :create, :destroy]
Which restricts access to registered users -- how do I take this a step further and require admins?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以使用 .admin? 轻松实现自己的 before_filter 以仅允许管理员用户访问。与您的用户模型关联的方法。例如:
you can easily implement your own before_filter to allow access to only admin users by using the .admin? method associated with your user model. for instance:
您需要在 before 过滤器中定义自己的方法,然后在调用 :authenticate_user! 之前在该方法中检测用户是否是管理员。
您将需要执行authenticate_user!检查 current_user 变量之前的步骤。
伊恩。
You will want to define your own method in the before filter and then detect whether the user is an admin or not in that method prior to calling :authenticate_user!
You will want to do the authenticate_user! step prior to checking the current_user variable.
ian.