使用 Devise，如何使用户只能编辑/查看属于他们的项目

发布于 2024-12-11 02:15:43 字数 624 浏览 0 评论 0原文

我已经被这个问题困扰了一段时间了，所以我想我应该向专家请教。

我试图让用户只能编辑/查看他们使用 Devise 创建的项目。

我已经设置了用户并且运行良好。项目是由与其关联的用户创建的，我可以通过 Rails 控制台验证这一点。

def create
 @item = Item.new(params[:item])
 @item.user = current_user
end

我现在想做的是让用户登录后只能看到他们创建的项目，而看不到其他项目。

在我的 Items 控制器中尝试替换：

def index
 @items = Items.all
end

with

def index
 @items = current_user.Items.find(params[:id])
end

但这似乎对我不起作用，我得到

undefined method `Items' for #<User:0x007fdf3ea847e0>

任何人都可以提供有关下一步尝试什么的建议吗？

非常感谢。

原文

I've been struggling with this for a while now, so I thought I'd ask the experts.

I am trying to make it so that Users can only edit/view Items that they have created using Devise.

I have Users set up and working well. Items are being created with a user associated with them and I can verify this via rails console.

def create
 @item = Item.new(params[:item])
 @item.user = current_user
end

What I am trying to do now is to make it so that once logged in, users can only see the items that they have created, and no others.

In my Items controller have tried replacing:

def index
 @items = Items.all
end

with

def index
 @items = current_user.Items.find(params[:id])
end

but this doens't seem to work for me and I get

undefined method `Items' for #<User:0x007fdf3ea847e0>

Can anyone offer any advice as to what to try next?

Thanks so much.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

半山落雨半山空 2024-12-18 02:15:43

也许我是老派，但我不会使用 current_user 来查找记录，仅用于验证权限。我将直接使用主键关系（它们不会改变）：
@items = Item.find(:all, :conditions => { :user_id => current_user[:id] }

或者

@items = Item.find_all_by_user_id current_user[:id]

至于设置权限，devise 实际上不允许你这样做，但是有一个名为 Cancan 的优秀补充，你绝对应该研究它，使用 Cancan，你将有一个能力.rb 类来定义你的权限。您正在寻找的内容将变为：

class Ability
  can [:read, :show, :edit, :update, :delete, :destroy], Item do |item|
    item.user_id == user.id
  end

  # or
  can :manage, Item do |item|
    item.user_id == user.id
  end
end

阅读 Cancan 文档将澄清上面的代码。

Maybe I`m old school but I would not use current_user to find records, only to verify permissions. I would use the primary key relationships directly (they don't change):
@items = Item.find(:all, :conditions => { :user_id => current_user[:id] }

@items = Item.find_all_by_user_id current_user[:id]

As for setting permissions, devise actually doesn`t let you do that BUT there is the excellent supplement called Cancan, you should definitely look into it. With Cancan, you will have an ability.rb class that will define your permissions. What you are looking for then becomes:

class Ability
  can [:read, :show, :edit, :update, :delete, :destroy], Item do |item|
    item.user_id == user.id
  end

  # or
  can :manage, Item do |item|
    item.user_id == user.id
  end
end

reading the Cancan docs would clarify the code above.

回复收藏 0 原文