0
我在軌應用程序中安裝設計。如果用戶登錄,他可以訪問所有其他用戶編輯頁面。設計不控制確切的編輯用戶的編號
例如,我是user_id 2,我可以編輯用戶的配置文件1/3/4/5 .....當我在路線中手動修改參數。
這裏我的應用程序控制器:
class ApplicationController < ActionController::Base
protect_from_forgery
before_action :authenticate_user!
before_action :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
# For additional fields in app/views/devise/registrations/new.html.erb
devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :company, :position, :office_phone, :mobile_phone, :address, :description, :radius, :photo_company_logo, :photo_presentation, photos_projet_1: [], photos_projet_2: [], photos_projet_3: [], photos_projet_4: []])
# For additional in app/views/devise/registrations/edit.html.erb
devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :company, :position, :office_phone, :mobile_phone, :address, :description, :radius, :photo_company_logo, :photo_presentation, photos_projet_1: [], photos_projet_2: [], photos_projet_3: [], photos_projet_4: []])
end
end
這裏我的用戶控制器:
class UsersController < ApplicationController
skip_before_action :authenticate_user!, only: [:index, :show]
before_action :set_user, only: [:show, :edit, :update]
def index
@client = Client.new
@users = User.all
@users = User.where.not(latitude: nil, longitude: nil)
@hash = Gmaps4rails.build_markers(@users) do |user, marker|
marker.lat user.latitude
marker.lng user.longitude
end
end
def show
@client = Client.new
@user = User.find(params[:id])
end
def new
@user = User.new
end
def create
@user = User.new(user_params)
@user.save
redirect_to users_path
end
def edit
@user = User.find(params[:id])
end
def update
@user = User.find(params[:id])
@user.update(user_params)
redirect_to user_path(@user)
end
private
def user_params
params.require(:user).permit(:company, :first_name, :last_name, :position, :mobile_phone, :office_phone, :email, :address, :description, :radius, :nettoyage_toiture, :photo_company_logo, :photo_presentation, photos_projet_1: [], photos_projet_2: [], photos_projet_3: [], photos_projet_4: [])
end
def set_user
@user = User.find(params[:id])
end
end
這裏畝用戶模式:
class User < ApplicationRecord
has_attachment :photo_presentation
has_attachment :photo_company_logo
has_many :projects, dependent: :nullify
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
#geocoder for google maps
geocoded_by :address
after_validation :geocode, if: :address_changed?
end
這裏我的路線:
Rails.application.routes.draw do
ActiveAdmin.routes(self)
devise_for :users
root to: 'pages#home'
resources :users do
resources :projects
end
resources :clients, only: [:new, :create, :show]
mount Attachinary::Engine => "/attachinary"
# For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
end
非常感謝!
你能分享你的路線嗎? – whodini9
嗨whodini,在這裏我的路線: – Tana
Rails.application.routes.draw做 ActiveAdmin.routes(個體經營) devise_for:用戶 根: '網頁#家' 資源:用戶做 資源:項目 結束 資源:clients,only:[:new,:create,:show] mount Attachinary :: Engine =>「/ attachinary」 #有關此文件中可用的DSL的詳細信息,請參閱http://guides.rubyonrails.org/ routing.html end – Tana