我有一个应用程序,用户可以在其中提名一个也可以查看其帐户的密钥持有人。我有一个 before_filter,这意味着只有帐户持有人或他们的密钥持有人才能查看他们的帐户。此代码适用于查看用户主页的任何人,但我无法做任何进一步的事情 - 我目前以密钥持有者身份登录,我无法注销或向任一帐户添加“注释”(现在密钥持有人可以不受限制地访问他们自己的帐户和他们的密钥持有人)。请问有人可以帮忙吗?
before_filter 是:
def correct_user
@user = User.find(params[:id])
unless (@user && current_user.id == @user.id) || ((current_user.access_id==@user.id)&&(current_user.id==@user.access_id))
redirect_to root_path
end
end
我在尝试创建笔记时遇到的错误是:
ActiveRecord::RecordNotFound in NotesController#new
Couldn't find User without an ID
它指的是 before_filter 中的@user 行。
为什么当我作为keyholder登录时,我可以查看主页,但不能执行其他操作?谢谢!
更新:
更新 before_filter(在 application_controller.rb 中):
def correct_user
if params[:id]
@user = User.find(params[:id])
unless (@user && current_user.id == @user.id) || ((current_user.access_id==@user.id)&&(current_user.id==@user.access_id))
redirect_to root_path
end
else
redirect_to root_path
end
end
笔记创建时的控制台输出:
Started POST "/notes" for 127.0.0.1 at 2013-02-28 14:10:49 +0000
Processing by NotesController#create as HTML
Parameters: {"utf8"=>"V", "authenticity_token"=>"qMDHQAoC4l3Be5YZKSH1AJ9E5zS1D
kMNCW2KzUZ38gM=", "note"=>{"user_id"=>"16", "content"=>""}, "commit"=>"Update Note"}
Redirected to http://localhost:3000/
Filter chain halted as :correct_user rendered or redirected
Completed 302 Found in 98ms (ActiveRecord: 0.0ms)
Started GET "/" for 127.0.0.1 at 2013-02-28 14:10:49 +0000
Processing by PublicController#index as HTML
←[1m←[36mUser Load (3.0ms)←[0m ←[1mSELECT "users".* FROM "users" WHERE "users
"."id" = 16 LIMIT 1←[0m
Rendered public/index.html.erb within layouts/application (5.0ms)
←[1m←[36mTimeline Load (3.0ms)←[0m ←[1mSELECT "timelines".* FROM "timelines"
WHERE "timelines"."user_id" = 16 LIMIT 1←[0m
←[1m←[36mMessageBoard Load (2.0ms)←[0m ←[1mSELECT "message_boards".* FROM "me
ssage_boards" WHERE "message_boards"."user_id" = 16 LIMIT 1←[0m
Rendered partials/_menuoptions.html.erb (53.0ms)
Completed 200 OK in 551ms (Views: 535.0ms | ActiveRecord: 16.0ms)