Allow users to edit/destroy only their own profile from the index

Posted on 2024-11-04 09:01:00

How do I grant permission to edit/destroy links on a by-user basis in the user index of Rails?

I'm using Rails 3, Devise and CanCan to define role-based abilities.

I'd like the current user to be able to see and access a link to edit/delete their profile in the user index page. They should not be able to see or access these links for all other users.

I've set up the following in the index view:

<% if can? :update, @user %>
     <%= link_to 'Edit', edit_user_registration_path(@user) %> | 
<% end %>

And in abilities.rb

def initialize(user) 
    can :update, User, :id => user.id
    if user.role? :super_admin
       can :manage, :all
    end
end

My superadmin can see and edit links for all users in the index.

My user can see links for no one, not even themselves.

The more I read around this the more confused I get, what with devise, cancan and the user model all playing a role.

I'd appreciate some confirmation that I'm on the right track, and would be grateful for any pointers towards useful information that would help me understand this.

Many thanks

Comments (4)

つ低調成傷 2024-11-11 09:01:00

In abilities.rb

can :manage, User do |u|
  u.id == user.id
end

if you want to go by ID.

Your view looks good to me.

一城柳絮吹成雪 2024-11-11 09:01:00

This is a total blind shot, but maybe it works:

<% if can?(:update, @user) || @user==current_user %>
     <%= link_to 'Edit', edit_user_registration_path(@user) %> | 
<% end %>

Replace current_user with whatever holds the currently logged in user.

傲性难收 2024-11-11 09:01:00

Try this and see if it works (if you are still having this issue). I don't think your regular user should be outside the if statement. (Change the variable as you see fit.)

def initialize(user)
  user ||= User.new # guest user
  if user.role? :super_admin
    can :manage, :all
  else
    can :update, User, :id => user.id
    can :read, :all # you can try it with this line removed at first
  end
end

来日方长 2024-11-11 09:01:00

You are confused yourself and this way, you are making it even more difficult for you.
At one point you are saying,

I'd like the current user to be able
to see and access a link to
edit/delete their profile in the user
index page. They should not be able to
see or access these links for all
other users.

On the other hand,

My superadmin can see and edit links
for all users in the index. My user
can see links for no one, not even
themselves

I understand what you are trying to say. You want:

  1. SuperAdmin can see all links for anything, and
  2. A user can only see links for himself, and no one else, and that too, only the edit and update profile or even you could add the delete account links. But the main concern is that a user can only see links on his/her profile and nowhere else.

Some points to consider:

Did you assign the abilities properly in the Ability class? Look for something like this in your code, and see if it works in the console.

def current_ability
  @current_ability ||= Ability.new(current_user)
end

If yes, move on to this part:

can :manage, User do |u|
  # `user` is the argument passed to Ability#initialize; current_user is not
  # available inside the Ability class.
  u == user # Assign the abilities for the user here only;
  # no need to match the id for each view in the link.
end

If it still doesn't work, take some time off, go through these links again, I know it can be really confusing, but believe me you are quite close.

Wiki - Defining-Abilities
Wiki - Changing-Defaults

When you get there, would you like to share with me, your approach of how you did the whole thing. I would love to hear from you.
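The owner-only rule from this thread, modelled in plain Ruby as an added example that is not part of the original question or any answer. `MiniAbility` is a simplified stand-in for CanCan's rule matching, not CanCan's own code, and the user records are constructed. It assumes the index action never assigns `@user`, so the view's `can?` receives `nil`, which reproduces the symptom the question describes.

```ruby
# Added example: a minimal stand-in for CanCan-style rule matching (not CanCan itself).
User = Struct.new(:id, :role) do
  def role?(name)
    role == name
  end
end

class MiniAbility
  def initialize(user)
    @rules = []
    user ||= User.new(nil, :guest)          # guest: nobody signed in
    if user.role?(:super_admin)
      can :manage, :all
    elsif user.id                           # a guest has no id, so no owner rule
      can :update, User, id: user.id        # owner-only rules
      can :destroy, User, id: user.id
    end
  end

  def can(action, subject, conditions = {})
    @rules << [action, subject, conditions]
  end

  # True when some rule covers the action, the record's class and every condition.
  def can?(action, record)
    @rules.any? do |rule_action, subject, conditions|
      next false unless rule_action == :manage || rule_action == action
      next true if subject == :all
      record.is_a?(subject) &&
        conditions.all? { |attr, value| record.public_send(attr) == value }
    end
  end
end

# Constructed sample rows for the index page.
USERS = [User.new(1, :super_admin), User.new(2, :member), User.new(3, :member)]

# Ids of the rows on which `viewer` would be shown an Edit link.
def editable_ids(viewer, rows)
  ability = MiniAbility.new(viewer)
  rows.select { |row| ability.can?(:update, row) }.map(&:id)
end

# Result of `can? :update, @user` when @user was never assigned (nil).
def unset_subject_allowed?(viewer)
  MiniAbility.new(viewer).can?(:update, nil)
end
```

Checking each row object inside the loop gives the member exactly one link, while a `nil` subject passes only the `:manage, :all` rule. Hiding a link only changes what is rendered; the update and destroy actions need the same ability check on the server (CanCan's `authorize!`).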
