0

我陷入了非常奇怪的境地。我正在使用 Devise,无法确定这两个是否在我的挫折中起作用。所以我有一个具有父子关系的用户模型。

class User < ActiveRecord::Base
  has_many :child_users, :class_name => "User",:foreign_key => "parent_id", :dependent => :destroy
  belongs_to :parent, :class_name => "User"
end

当我删除子用户时,我可以成功执行此操作,但是当我删除父用户时,我会重定向到根页面,说“您无权访问此页面”。这是我删除子用户时的代码

<h1>Users</h1>
<table class="table table-striped">
  <thead>
  <tr>
    <th>Email</th>
  </tr>
  </thead>
  <tbody>
  <% @users.each do |user| %>
      <tr>
        <td><%= user.email %></td>
        <td>
          <%= link_to 'Show', user_path(user), :class => 'btn btn-mini' %>
          <%= link_to 'Edit', edit_user_path(user), :class => 'btn btn-mini' %>
          <%= link_to 'Destroy', user_path(user), :method => :delete, :confirm => 'Are you sure?', :class => 'btn btn-mini btn-danger' %>
          <%= link_to "Categories", {:controller => "levels", :id => user.id },:class => 'btn btn-mini'%>
        </td>
      </tr>
  <% end %>
  </tbody>
</table>

<%= link_to "Add Sub Child", {:controller => "users", :action => "sub_child", :parent_id => current_user.id },:class => 'btn'%>

下面的代码适用于我删除父用户时

<h1>User</h1>
<p></p>
<table width="40%">
  <tr>
    <td><b>Email</b></td>
    <td><%= @user.email %></td>
  </tr>
</table>

<div class="form-actions">
  <%= link_to 'Edit', edit_user_path(@user), :class => 'btn' %>
  <%= link_to 'Delete', user_path, :method => :delete, :confirm => 'Are you sure?', :class => 'btn btn-danger' %>
</div>

用户控制器

class UsersController < ApplicationController
  before_filter :authenticate_user!
  load_and_authorize_resource

  respond_to :html, :json, :xml

  def show
    @user = User.find(params[:id])
    respond_with @user
  end

  def new
    @user = User.new
    RAILS_DEFAULT_LOGGER.error '***** JLD Message *****'

  end

  def index
    respond_with(@users = current_user.child_users)
  end

  def edit
    @user = User.find(params[:id])
  end

  def create
   @user = User.new(params[:user])

    if @user.save
      flash[:notice] = "#{ @user.email } created."
      redirect_to users_path
    else
      render :action => 'new'
    end
  end

  def destroy
    @user = User.find(params[:id])
    @user.destroy

    respond_to do |format|
      format.html { redirect_to users_url }
      format.json { head :no_content }
    end
  end

  def update
    @user = User.find(params[:id])

    respond_to do |format|
      if @user.update_attributes(params[:user])
        format.html { redirect_to @user, notice: 'User was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end
end

class ApplicationController < ActionController::Base
  protect_from_forgery

  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_url, :alert => exception.message
  end
end

class Ability
  include CanCan::Ability

  def initialize(user)


    user ||= User.new # guest user (not logged in)
    # if user.admin?
    #  can :manage, :all
    #else

    can [:read, :update], User, :id => user.id
    can :manage, User, :parent_id => user.id

    #end

  end
end

任何建议都非常感谢。谢谢

4

2 回答 2

2

你忘@user了删除链接

<%= link_to 'Delete', user_path(@user), :method => :delete, :confirm => 'Are you sure?', :class => 'btn btn-danger' %>
于 2013-05-23T15:29:33.620 回答
0

我想到了。在说之前的能力模型

can [:read, :update], User, :id => user.id

现在有了这个变化

can :manage, User, :id => user.id

我可以删除父用户。当您要求提供给我方向的能力模型时,感谢 juanpastas。

于 2013-05-23T17:34:57.743 回答