Admin Change Approval Status of User - Rails + Dev

2020-05-07 08:17发布

站内问答 / 前端开发
1034 1 5

I followed this link to figure out how to have an admin approve a new user. I have an approved attribute on my User model that is a boolean.

2 problems - 1) when I'm logged in as admin and go to the edit user via the link_to "Edit", edit_user_path(user) to change approved user - the url is for the correct user but then the update action tries to update the current admin user.

2) I would prefer to have the override of the needed current password so I've put a method in the Registrations controller to do this below but get this error:

error:unknown attribute 'current_password' for User.

So it won't override the current_password and it won't update the correct non-admin user - Where am I going wrong?

class Ability
      include CanCan::Ability

      def initialize(user)

       current_user ||= User.new # guest user (not logged in)
        if current_user.admin == true
          can :manage, :all
        else
          can :manage, User, id: user.id
        end       
      end
    end

Routes

Rails.application.routes.draw do
  devise_for :users, controllers: { registrations: 'registrations' }
  resources :users
end

Controller

class RegistrationsController < Devise::RegistrationsController

  def update_resource(resource, params)
    resource.update_without_password(params) if current_user.admin == true
  end
end

1条回答
Melony?
2楼-- · 2020-05-07 08:43

I spent a lot of time trying to solve this and didn't find any definitive, end-to-end complete examples online so I'm putting everything below so any new users to RoR/Devise hopefully won't have same problems.

Assuming Devise is on the User model. Ensure your Cancancan is setup accordingly. Something similar to this:

models/ability.rb

class Ability
  include CanCan::Ability

  def initialize(user)
    # Define abilities for the passed in user here. For example:
    #
    current_user ||= User.new # guest user (not logged in)
    if current_user.admin
      can :manage, :all
    else
      can :manage, User, id: user.id
    end
 end
end

Follow the steps in here

He mentions have an 'admin-accessible only' page. In case someone's not sure how to do this:

class UsersController < ApplicationController
  before_action :admin?, only: :index

  def index
    if params[:approved] == false
      @users = User.where(approved: false)
    else
      @users = User.all
    end
  end

private
  def admin?
    redirect_to '/login' unless current_user.admin == true
  end

end

Replace this line (I use .erb not .haml as he does in the link) %td= link_to "Edit", edit_user_path(user) with this: <%= User.approved %>

          <td>
            <% if !User.approved %>
              <%= link_to "Approve User", user_path(:id => user.id, "user[approved]" => true), :method => :patch, class: "btn btn-success" %>
            <% else %>
              <%= link_to "Unapprove User", user_path(:id => user.id, "user[approved]" => false), :method => :patch, class: "btn btn-danger" %>
            <% end %>
          </td>

This essentially gives you a button that when clicked, will approve the user and visa-versa. The key here that tripped me up for days is that a) You have to ensure that your form (in this case, the link_to hits the Users controller and NOT the RegistrationsController#update method.

I know some online links gave instructions to create a Registrations model and changing routes, overriding models, etc.

Honestly, my final solution didn't need any of that. Hope this helps!

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)