How to restrict actions of users with certain roles in Rails?
On the main page there is a button "Create ad"
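<%# Show the "create" link only to signed-in visitors. %>
<%# Hiding the link is a UI convenience, not access control: new_task_path is still %>
<%# reachable by URL, so the controller has to enforce who may create tasks. %>
<% if current_user %>
  <%= link_to 'Создать', new_task_path, class: "btn btn-success" %>
<% end %>
<%# current_user is nil for visitors who are not signed in (the check above relies on %>
<%# that), so test for presence before reading the role to avoid a NoMethodError. %>
<% if current_user && current_user.role == "client" %>
  <p>Проверка. Вы клиент</p>
<% end %>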
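# Sign-up, profile and user administration.
#
# Access rules declared by the filters below:
# * index, edit, update and destroy require a signed-in user;
# * edit and update are limited to the user being edited;
# * destroy is additionally gated by admin_user.
#
# logged_in_user, admin_user, log_in and current_user? are not defined in this
# class; presumably they come from ApplicationController or a sessions helper --
# confirm, because the destroy restriction depends entirely on admin_user.
class UsersController < ApplicationController
  before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
  before_action :correct_user, only: [:edit, :update]
  before_action :admin_user, only: :destroy

  # Lists every user (signed-in users only).
  def index
    @users = User.all
  end

  # Public profile page with the user's paginated tasks.
  def show
    @user = User.find(params[:id])
    @tasks = @user.tasks.paginate(page: params[:page])
  end

  def new
    @user = User.new
  end

  # Creates the account and signs the new user in immediately.
  def create
    @user = User.new(user_params)
    if @user.save
      log_in @user
      # TODO: once account activation is enabled, call @user.send_activation_email
      # here instead of log_in and flash an info notice asking the user to check
      # their e-mail.
      redirect_to root_url
    else
      render 'new'
    end
  end

  # @user is already loaded (and ownership verified) by the correct_user filter.
  def edit
  end

  # @user is already loaded (and ownership verified) by the correct_user filter.
  def update
    # `update` replaces the deprecated `update_attributes` alias; same behaviour.
    if @user.update(user_params)
      flash[:success] = "Профиль обновлён!"
      redirect_to @user
    else
      render 'edit'
    end
  end

  # Deletes a user; reachable only when the admin_user filter lets the request through.
  def destroy
    User.find(params[:id]).destroy
    flash[:success] = "Пользователь удалён"
    redirect_to users_url
  end

  private

  # Strong parameters shared by create and update.
  #
  # NOTE(review): :role is accepted straight from the request on both sign-up and
  # profile update, so the client controls its value. If role decides what a user
  # is allowed to do, assign it server-side or validate it against the values a
  # user may pick for themselves, and consider dropping it from the update path.
  def user_params
    params.require(:user).permit(:login, :fullname, :email,
                                 :address, :city, :state, :country, :zip, :role,
                                 :password, :password_confirmation)
  end

  # Before filters

  # Confirms that the signed-in user is the user being edited; otherwise
  # redirects to the root page.
  def correct_user
    @user = User.find(params[:id])
    redirect_to(root_url) unless current_user?(@user)
  end
end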
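# Task CRUD plus a vote toggle (reply).
#
# Access rules enforced by the filters below:
# * index and show are public;
# * every action that reads current_user requires a signed-in user;
# * edit, update and destroy are limited to the task's author.
#
# logged_in_user and current_user are not defined in this class; presumably they
# come from ApplicationController or a sessions helper -- confirm.
#
# NOTE(review): hiding the "create" button in a view does not restrict these
# actions. If only some roles may create tasks, enforce that here with a
# before_action as well.
class TasksController < ApplicationController
  before_action :set_task, only: [:show, :edit, :update, :destroy, :reply]
  # edit, update and reply call methods on current_user, which is nil for an
  # anonymous visitor; without this filter those requests raise NoMethodError
  # instead of being sent to sign in. new is included so the form is not offered
  # to someone whose submission create would reject anyway.
  before_action :logged_in_user, only: [:new, :create, :edit, :update, :destroy, :reply]
  # One ownership check for every author-only action, instead of repeating the
  # comparison inside each of them.
  before_action :correct_user, only: [:edit, :update, :destroy]

  def index
    @tasks = Task.all
  end

  # @task is loaded by set_task.
  def show
  end

  # Toggles the current user's vote: an existing up-vote becomes a down-vote;
  # a down-vote or no vote becomes an up-vote. Responds to JS requests only.
  def reply
    if current_user.voted_up_on?(@task)
      @task.downvote_by current_user
    else
      @task.upvote_by current_user
    end
    respond_to do |format|
      format.js
    end
  end

  def new
    @task = Task.new
  end

  # @task is loaded by set_task and ownership is verified by correct_user.
  def edit
  end

  # Builds the task through the association so user_id always comes from the
  # session, never from request parameters.
  def create
    @task = current_user.tasks.build(task_params)
    respond_to do |format|
      if @task.save
        format.html { redirect_to @task, notice: 'Задание опубликовано!' }
        format.json { render :show, status: :created, location: @task }
      else
        format.html { render :new }
        format.json { render json: @task.errors, status: :unprocessable_entity }
      end
    end
  end

  # Ownership is verified by correct_user before this runs.
  def update
    respond_to do |format|
      if @task.update(task_params)
        format.html { redirect_to @task, notice: 'Задание обновлено!' }
        format.json { render :show, status: :ok, location: @task }
      else
        format.html { render :edit }
        format.json { render json: @task.errors, status: :unprocessable_entity }
      end
    end
  end

  # Ownership is verified by correct_user before this runs.
  def destroy
    @task.destroy
    respond_to do |format|
      format.html { redirect_to tasks_url, notice: 'Задание удалено!' }
      format.json { head :no_content }
    end
  end

  private

  # Loads the task named in the URL; find raises when the id does not exist.
  def set_task
    @task = Task.find(params[:id])
  end

  # Only title and content come from the client; the owner is never mass-assigned.
  def task_params
    params.require(:task).permit(:title, :content)
  end

  # Before filter: lets the request continue only when the signed-in user is the
  # author of @task. Relies on set_task and logged_in_user having run first
  # (filters run in declaration order).
  def correct_user
    return if @task.user_id == current_user.id

    redirect_to root_path, notice: 'Вы не автор этого задания!'
  end
end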
I moved this button to the user profile page, which is associated with the users controller.
Now everything works as it should.