ruby-on-rails – rails 3管理员编辑另一个用户

我希望管理员用户编辑其他用户.我怎样才能做到这一点?

User 模型有一个名为 role 的字符串属性,取值为以下三者之一:“admin”、“developer”、“client”。我希望管理员可以更改开发人员和客户的信息。管理员之间互相看不到对方,所以这不会成为问题。

user.rb

# Account record. `role` is a plain string that the rest of the app compares
# against "admin", "developer" and "client" to decide what a user may do.
class User < ActiveRecord::Base
  # Mass-assignment whitelist. It includes :role, :company_id and :boss_id, so
  # the model itself does not stop a request from setting them; whatever
  # filtering happens must be done by the caller before attributes reach here.
  attr_accessible :email, :name,
                  :password, :password_confirmation,
                  :role, :company_id, :boss_id, :company

  belongs_to :company

  # Only the three known roles are valid. A nil role already fails the
  # inclusion check.
  # NOTE(review): confirm that `presence: true` has any effect when passed as
  # an option to validates_inclusion_of.
  validates_inclusion_of :role, in: %w[admin developer client], presence: true
end

index.html.erb

<%# Users table: one row per entry in @users; the delete and reset-password links are shown depending on the viewer's role. %>
<table class="pretty" border="1" cellpadding="10">  
  <tr>
    <th></th>
    <th><%= sortable "name" %></th>
    <th><%= sortable "email" %></th>
    <th><%= sortable("name", "Company") %></th>
    <th></th>
    <th></th>
  </tr>  

  <% for user in @users %>  
  <tr class="<%= cycle('oddrow', 'evenrow') -%>">
    <td><%= gravatar_for user %></td>
    <td><%= link_to user.name, user %></td>
    <td><%= user.email %></td>
    <td><%= user.company.name unless user.company_id.blank? %></td>
    <%# Delete link: admins always see it; a developer sees it only for users whose boss_id is the developer's own id. Hiding a link is presentation only; the destroy action has to enforce its own rule on the server. %>
    <td><% if (current_user.role == "admin") || ( ( (current_user.role == "developer") && !current_user?(user) ) && (user.boss_id == current_user.id) ) %>
        <%= link_to "delete", user, method: :delete,
                              data: { confirm: "You sure?" } %>
        <% end %></td>
    <%# NOTE(review): :update is a controller action name, not an HTTP verb; the routes list PUT /users/:id for users#update. The "###..." text after the ERB tag on the link line is outside any tag, so it is written into the page as literal text. %>
    <td><% if (current_user.role == "admin") %>
        <%= link_to "reset password", user, method: :update %>   ###this is where admin will edit another user
        <% end %></td>
  </tr>
  <% end %>
</table>

使用此代码,当我单击重置密码时,它会显示:

路由错误

没有路由匹配 [POST] "/users/1"

编辑:config/routes.rb

# Route table for the application. Routes are tried from top to bottom, so the
# order of the entries below is significant.
SampleApp::Application.routes.draw do

  #get "confs/new"

  # Standard RESTful routes. For users this yields, among others,
  # GET /users/:id/edit (edit_user) and PUT /users/:id (users#update).
  resources :users
  # Sessions expose only the sign-in form, sign-in and sign-out.
  resources :sessions, only: [:new, :create, :destroy]
  resources :companies

  root   to: 'sessions#new'

  # NOTE(review): in Rails 3 a bare `match` with no `via:` answers every HTTP
  # verb, so each page and listing below also responds to POST/PUT/DELETE.
  # Only /signout is pinned to a verb. Consider `get` or `via: :get` for the
  # read-only entries.
  match '/home' , to: 'static_pages#home'

  match '/help' ,  to: 'static_pages#help'

  match '/about' ,  to: 'static_pages#about'

  match '/contact' , to: 'static_pages#contact'

  match '/buttons' , to: 'static_pages#buttons'

  # Signup form is served by users#newuser rather than the RESTful users#new.
  match '/signup' , to: 'users#newuser'

  match '/signin' , to: 'sessions#new'

  # Signing out changes state, so it is restricted to DELETE.
  match '/signout', to: 'sessions#destroy' , via: :delete

  # Role-scoped user listings handled by custom UsersController actions.
  match '/developers', to: 'users#developers'

  match '/clients', to: 'users#clients'

  match '/downloads', to: 'confs#downloads'

  match '/new_company', to: 'companies#new'

  match '/resellers', to: 'companies#resellers'

  match '/companies_own', to: 'companies#owns'

  match '/conf_new', to: 'confs#new'

  match '/conf_show_all', to: 'confs#index'

  match '/conf_show_own', to: 'confs#own'

  match '/conf_show', to: 'confs#show'

  # RESTful confs routes plus a per-record GET download action.
  resources :confs do
    member do
      get :download
    end
  end
end

编辑2:rake routes | grep users

users     GET     /users(.:format)              users#index
          POST    /users(.:format)              users#create
new_user  GET     /users/new(.:format)          users#new
edit_user GET     /users/:id/edit(.:format)     users#edit
     user GET     /users/:id(.:format)          users#show
          PUT     /users/:id(.:format)          users#update
          DELETE  /users/:id(.:format)          users#destroy
   signup         /signup(.:format)             users#newuser
developers        /developers(.:format)         users#developers
  clients         /clients(.:format)            users#clients

EDIT3:users_controller.rb

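# Manages user accounts: signup, role-scoped listings, profile edits, deletion.
#
# Relies on helpers that are not defined in this class (signed_in?,
# current_user, current_user?, sign_in, store_location) and on a User.search
# scope -- presumably provided by a sessions helper and the model.
class UsersController < ApplicationController
  # Attributes any caller of user_params may submit.
  PROFILE_ATTRIBUTES = [:email, :name, :password, :password_confirmation].freeze
  # Attributes that decide what an account may do and which company or boss
  # it belongs to. They feed the role checks and the company/boss scoping
  # used by the listings below.
  PRIVILEGED_ATTRIBUTES = [:role, :company_id, :boss_id].freeze

  # Filters run in declaration order.
  # NOTE(review): show, newuser, create, developers and clients are not
  # covered by signed_in_user; clients dereferences current_user, so an
  # anonymous request would hit nil there -- confirm the intended access.
  # NOTE(review): admin_user guards edit and destroy but not update, so any
  # signed-in user can reach update for their own record.
  before_filter :signed_in_user, only: [:index, :edit, :update, :destroy]
  before_filter :correct_user,   only: [:edit, :update]
  before_filter :admin_user,     only: [:edit, :destroy]

  helper_method :sort_column, :sort_direction

  # Displays a single user looked up by id.
  def show
    @user = User.find(params[:id])
  end

  # Renders the signup form with a blank user.
  def newuser
    @user = User.new
  end

  # Creates an account from the submitted form; re-renders the form on
  # validation failure.
  # NOTE(review): this action runs without any sign-in filter and user_params
  # still accepts role, company_id and boss_id here, so a request can create
  # an account with any role. Confirm who is meant to call it and restrict
  # the privileged attributes accordingly.
  def create
    @user = User.new(user_params)

    if @user.save
      #sign_in @user
      flash[:success] = "Welcome to the ManusWeb!"
      redirect_to @user
    else
      render 'newuser'
    end
  end

  # Lists users whose role is "client".
  def index
    @users = paginated(User.where(:role => "client"))
  end

  # Lists users whose role is "developer".
  def developers
    @users = paginated(User.where(:role => "developer"))
  end

  # Lists users whose boss is any user in the current user's company.
  def clients
    @users = paginated(User.where(:boss_id => codevelopers.map(&:id)))
  end

  # Users sharing the current user's company. Also assigns @users, which
  # clients overwrites afterwards.
  def codevelopers
    @users = User.where(:company_id => current_user.company_id)
  end

  # Edit form; @user is loaded by the correct_user filter.
  def edit

  end

  # Applies the submitted changes to @user (loaded by correct_user).
  def update
    if @user.update_attributes(user_params)
      # Handle a successful update.
      flash[:success] = "Profile updated"
      # Refresh the session only when users edit their own record. Signing in
      # as @user unconditionally would switch the session to the edited
      # account if this action is ever opened to one user editing another.
      sign_in @user if current_user?(@user)
      redirect_to @user
    else
      render 'edit'
    end
  end

  # Deletes the user with the given id (admin only, see admin_user).
  def destroy
    User.find(params[:id]).destroy
    flash[:success] = "User deleted"
    redirect_to users_url
  end

  # True when the signed-in user has the "client" role.
  def client
    current_user.role == "client"
  end


  private

  # Filter: remember the requested location and send anonymous visitors to
  # the sign-in page.
  def signed_in_user
    unless signed_in?
      store_location
      redirect_to signin_url, notice: "Please sign in"
    end
  end

  # Filter: load @user and allow the request only for that same user.
  def correct_user
    @user = User.find(params[:id])
    redirect_to root_url, notice: "You are not authorized to request this page" unless current_user?(@user)
  end

  # Filter: allow the request only for users whose role is "admin".
  def admin_user
    redirect_to(root_path) unless current_user.role == "admin"
  end

  # Shared tail of the listing actions: search, sort and paginate a scope.
  def paginated(scope)
    scope.search(params[:search]).
          order(sort_column + ' ' + sort_direction).
          paginate(:per_page => 10, :page => params[:page])
  end

  # Column to sort by. params[:sort] is concatenated into ORDER BY, so it is
  # accepted only when it is a known column name; anything else sorts by name.
  # NOTE(review): Company columns pass this check, but the listing queries
  # shown here select from users only -- confirm a join exists for them.
  def sort_column
    sortable = User.column_names | Company.column_names
    sortable.include?(params[:sort]) ? params[:sort] : "name"
  end

  # Sort direction, limited to "asc"/"desc" for the same reason as sort_column.
  def sort_direction
    %w[asc desc].include?(params[:direction]) ? params[:direction] : "asc"
  end

  # Whitelisted attributes from params[:user], or nil when that key is absent.
  #
  # On update, role, company_id and boss_id are accepted only from admins.
  # Otherwise any signed-in user could PUT their own record with
  # user[role]=admin, or move themselves to another company or boss.
  # On create the original whitelist is kept (see the note on create).
  def user_params
    return unless params[:user]

    allowed = PROFILE_ATTRIBUTES.dup
    allowed.concat(PRIVILEGED_ATTRIBUTES) if privileged_attributes_allowed?
    params.require(:user).permit(*allowed)
  end

  # Whether the current request may set PRIVILEGED_ATTRIBUTES.
  def privileged_attributes_allowed?
    action_name == "create" || current_user.role == "admin"
  end

end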
最佳答案
将“重置密码”链接更改为以下内容:

<%# Plain GET link to the edit form (edit_user route). Access is decided by the controller's before-filters, not by whether this link is shown. %>
<%= link_to "reset password", edit_user_path(user) %>

将correct_user方法更改为以下内容:

# Filter: load @user and let the request through only for an admin or for the
# user being edited; everyone else is redirected to the root page.
#
# NOTE(review): the update action in the question calls `sign_in @user` after
# a successful save. Once admins pass this filter for other accounts, that
# call would sign the admin in as the edited user -- confirm, and guard it.
# NOTE(review): update also accepts :role from the form, so check which
# attributes a non-admin may change on their own record.
def correct_user
  @user = User.find(params[:id])
  authorized = current_user.role == "admin" || current_user?(@user)
  redirect_to root_url, notice: "You are not authorized to request this page" unless authorized
end
