User Status Admin Status Statement - Rails + Devise + Cancancan

I followed this link to find out how the administrator approves the new user. I have an attribute approved on my model User that is logical.

2 problems - 1) when I logged in as an administrator and went to edit a user with the help of link_to "Edit", edit_user_path(user) to change the approved user, the URL is for the correct user, but then the update action tries to update the current administrator user.

2) I would prefer to override the required current password, so I set the method in the controller Registrations to do this below, but we get this error:

Error: unknown attribute 'current_password' for User.

Therefore, it will not redefine current_password and will not update the correct user who is not an administrator. Where am I mistaken?

class Ability
  include CanCan::Ability

  def initialize(user)
    current_user ||= User.new # guest user (not logged in)
    if current_user.admin == true
      can :manage, :all
    else
      can :manage, User, id: user.id
    end
  end
end

Routes

Rails.application.routes.draw do
  devise_for :users, controllers: { registrations: 'registrations' }
  resources :users
end

controller

class RegistrationsController < Devise::RegistrationsController

  def update_resource(resource, params)
    resource.update_without_password(params) if current_user.admin == true
  end
end
1 answer

I spent a lot of time trying to solve this problem and did not find any complete examples online, so I am putting everything below so that any new RoR / Devise users, hopefully, will not have the same problems.

Assuming that Devise is in the model User. Make sure your Cancancan is configured accordingly. Something like this:

models/ability.rb

class Ability
  include CanCan::Ability

  def initialize(user)
    # Define abilities for the passed in user here.
    # Assign to the `user` parameter itself; writing `current_user ||= User.new`
    # here would create a fresh local and ignore the user that was passed in.
    user ||= User.new # guest user (not logged in)
    if user.admin
      can :manage, :all
    else
      can :manage, User, id: user.id
    end
  end
end

Follow the instructions in here.

, , . - , :

class UsersController < ApplicationController
  before_action :admin?, only: :index

  def index
    # Query-string values arrive as strings, so compare against "false".
    if params[:approved] == "false"
      @users = User.where(approved: false)
    else
      @users = User.all
    end
  end

  private

  # Redirect anyone who is not a signed-in admin.
  def admin?
    redirect_to '/login' unless current_user&.admin == true
  end
end

( .erb not .haml, ) %td= link_to "Edit", edit_user_path(user) :

<%= user.approved %>

<td>
  <% if !user.approved %>
    <%= link_to "Approve User", user_path(:id => user.id, "user[approved]" => true), :method => :patch, class: "btn btn-success" %>
  <% else %>
    <%= link_to "Unapprove User", user_path(:id => user.id, "user[approved]" => false), :method => :patch, class: "btn btn-danger" %>
  <% end %>
</td>

, , , . , , , a) , ( link_to Users, RegistrationsController#update.

, - Registrations , ..

, . , !

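An added example, not part of the original answer or of Devise/CanCanCan: plain Ruby (no Rails) standing in for the update action that the Approve/Unapprove link targets, combining the Ability rule above with per-role attribute filtering so that only an admin can change approved. All names here (update_user, permitted_attrs, can_update?, to_bool, SELF_EDITABLE, ADMIN_EDITABLE, the email field) are assumptions made for the illustration.

```ruby
# Added example, plain Ruby (no Rails). Every name here is hypothetical.
User = Struct.new(:id, :admin, :approved, :email, keyword_init: true)

class NotAuthorized < StandardError; end

SELF_EDITABLE  = %w[email].freeze           # fields an account owner may change
ADMIN_EDITABLE = %w[email approved].freeze  # only admins may touch `approved`

# Mirrors the Ability rules on this page: admins manage everything,
# everyone else manages only their own record. A missing user is a guest.
def can_update?(actor, target)
  actor ||= User.new(admin: false) # assign to the parameter itself
  actor.admin == true || (!actor.id.nil? && actor.id == target.id)
end

# Stand-in for strong parameters: keep only what this actor may set.
def permitted_attrs(actor, submitted)
  allowed = actor&.admin == true ? ADMIN_EDITABLE : SELF_EDITABLE
  submitted.select { |key, _| allowed.include?(key.to_s) }
end

# Request parameters arrive as strings, so "false" must be parsed explicitly.
def to_bool(value)
  [true, "true", "1"].include?(value)
end

# What an update action has to do for the Approve/Unapprove link.
def update_user(actor, target, submitted)
  raise NotAuthorized, "cannot update user #{target.id}" unless can_update?(actor, target)
  permitted_attrs(actor, submitted).each do |key, value|
    value = to_bool(value) if key.to_s == "approved"
    target[key.to_sym] = value
  end
  target
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample users.
  admin = User.new(id: 1, admin: true,  approved: true,  email: "admin@example.test")
  alice = User.new(id: 2, admin: false, approved: false, email: "alice@example.test")
  update_user(alice, alice, "approved" => "true") # owner edit: `approved` is filtered out
  puts "after self-edit:  approved=#{alice.approved}"
  update_user(admin, alice, "approved" => "true")
  puts "after admin edit: approved=#{alice.approved}"
end
```

In a Rails controller the same split is normally expressed with authorize! plus a role-dependent params.require(:user).permit(...) list.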

Source: https://habr.com/ru/post/1531688/

