主页 / 问题 / 579247
Accepted
Silentium
Asked:2020-10-17 21:53:28 +0000 UTC2020-10-17 21:53:28 +0000 UTC

管理员如何编辑用户帖子?

  • 772

有用户,用户中有admin

 add_column :users, :admin, :boolean, :default => false

管理员如何编辑用户帖子?

before_action :correct_user,   only: [:edit, :destroy]

def edit
   @posts = current_user.posts
end
def update
   @post = current_user.posts
   if @post.update(post_params)
      ...
   else
      render :edit
   end
end

def correct_user
    if current_user.admin?
      current_user.admin == current_user
    else
      @post= current_user.posts.find_by(id: params[:id])
    end
end



<%= simple_form_for @post, :html => { :multipart => true } do |f| %>
  ...
<% end %>
ruby-on-rails

1 个回答

  1. Best Answer

    这应该是这样的:

    您可以使用pundit gem检查实体的权限。

    # app/policies/post_policy.rb
class PostPolicy < ApplicationPolicy
  def update?
    user.admin?
  end
end

# app/controllers/posts_controller.rb
class PostsController < ApplicationController
  before_action :set_and_authorize_post, only: [:edit, :update]

  def edit
  end

  def update
    if @post.update(post_params)
      ...
    else
      render :edit
    end
  end

  private

  def set_and_authorize_post
    @post = Post.find(params[:id])
    authorize @post
  end
end
    • 2

相关问题