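I installed Devise in my Rails application. If a user is logged in, he can access the edit pages of all other users. Devise does not check the exact id of the user being edited.
For example, I am user_id 2 and I can edit the profiles of users 1/3/4/5... when I manually modify the parameter in the route.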
Here is my application controller:

    class ApplicationController < ActionController::Base
      protect_from_forgery
      before_action :authenticate_user!
      before_action :configure_permitted_parameters, if: :devise_controller?

      def configure_permitted_parameters
        # For additional fields in app/views/devise/registrations/new.html.erb
        devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :company, :position, :office_phone, :mobile_phone, :address, :description, :radius, :photo_company_logo, :photo_presentation, photos_projet_1: [], photos_projet_2: [], photos_projet_3: [], photos_projet_4: []])
        # For additional in app/views/devise/registrations/edit.html.erb
        devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :company, :position, :office_phone, :mobile_phone, :address, :description, :radius, :photo_company_logo, :photo_presentation, photos_projet_1: [], photos_projet_2: [], photos_projet_3: [], photos_projet_4: []])
      end
    end

Here is my users controller:

    class UsersController < ApplicationController
      skip_before_action :authenticate_user!, only: [:index, :show]
      before_action :set_user, only: [:show, :edit, :update]

      def index
        @client = Client.new
        @users = User.all
        @users = User.where.not(latitude: nil, longitude: nil)
        @hash = Gmaps4rails.build_markers(@users) do |user, marker|
          marker.lat user.latitude
          marker.lng user.longitude
        end
      end

      def show
        @client = Client.new
        @user = User.find(params[:id])
      end

      def new
        @user = User.new
      end

      def create
        @user = User.new(user_params)
        @user.save
        redirect_to users_path
      end

      def edit
        @user = User.find(params[:id])
      end

      def update
        @user = User.find(params[:id])
        @user.update(user_params)
        redirect_to user_path(@user)
      end

      private

      def user_params
        params.require(:user).permit(:company, :first_name, :last_name, :position, :mobile_phone, :office_phone, :email, :address, :description, :radius, :nettoyage_toiture, :photo_company_logo, :photo_presentation, photos_projet_1: [], photos_projet_2: [], photos_projet_3: [], photos_projet_4: [])
      end

      def set_user
        @user = User.find(params[:id])
      end
    end

Here is my user model:

    class User < ApplicationRecord
      has_attachment :photo_presentation
      has_attachment :photo_company_logo
      has_many :projects, dependent: :nullify
      # Include default devise modules. Others available are:
      # :confirmable, :lockable, :timeoutable and :omniauthable
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable
      # geocoder for google maps
      geocoded_by :address
      after_validation :geocode, if: :address_changed?
    end

Here are my routes:

    Rails.application.routes.draw do
      ActiveAdmin.routes(self)
      devise_for :users
      root to: 'pages#home'
      resources :users do
        resources :projects
      end
      resources :clients, only: [:new, :create, :show]
      mount Attachinary::Engine => "/attachinary"
      # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
    end

Thank you very much!

Can you share your routes? – whodini9

Hi whodini, here are my routes: – Tana

`Rails.application.routes.draw do ActiveAdmin.routes(self) devise_for :users root to: 'pages#home' resources :users do resources :projects end resources :clients, only: [:new, :create, :show] mount Attachinary::Engine => "/attachinary" # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html end` – Tana
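
The behaviour described in the question comes from authentication without an ownership check: `authenticate_user!` only proves someone is logged in, while `set_user` loads whatever `params[:id]` names. The block below is an added example, not code from the original post. It is a plain-Ruby stand-in for `UsersController` that runs without Rails, and `UsersControllerSketch`, `authorize_owner!`, `attempt` and the sample users are assumed names and constructed data. In the real controller the same comparison would be made against Devise's `current_user` in a `before_action` limited to `edit` and `update`.

```ruby
User = Struct.new(:id, :first_name)

# Constructed sample data standing in for the users table.
USERS = { 1 => User.new(1, "Alice"), 2 => User.new(2, "Bob") }.freeze

class Forbidden < StandardError; end

# Minimal model of a controller: current_user is what Devise derives from the
# session; params is what the client sent and is therefore untrusted.
class UsersControllerSketch
  OWNER_ONLY = %i[edit update].freeze

  def initialize(current_user, params)
    @current_user = current_user
    @params = params
  end

  # Runs the filters and then the action, the way before_action does in Rails.
  def process(action)
    set_user
    authorize_owner! if OWNER_ONLY.include?(action)
    send(action)
  end

  def show; @user; end  # public profile, readable by anyone
  def edit; @user; end  # record the edit form would render

  def update
    @user.first_name = @params.fetch(:first_name)
    @user
  end

  private

  def set_user
    @user = USERS.fetch(Integer(@params[:id]))
  end

  # The check missing from the controller in the question: the loaded record
  # must belong to the caller, not merely to some logged-in user.
  def authorize_owner!
    return if @user.id == @current_user.id
    raise Forbidden, "user #{@current_user.id} may not modify user #{@user.id}"
  end
end

# Hypothetical helper: returns :ok or :forbidden for one simulated request.
def attempt(current_user_id, action, params)
  UsersControllerSketch.new(USERS.fetch(current_user_id), params).process(action)
  :ok
rescue Forbidden
  :forbidden
end
```

Because the filter runs before the action body, a rejected `update` never reaches the assignment, so the other user's record is left unchanged.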