
这是我的 PostersController!我只是想请人告诉我,如何让它与“load_resource”一起工作。“authorize_resource”运行良好,但我必须改什么才能让 load_resource 工作?我猜我必须对强参数(strong parameters)做些处理……谢谢

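# CRUD controller for Poster records, answering both HTML and JSON requests.
#
# NOTE(review): this listing only authenticates. Nothing here checks that the
# signed-in user is allowed to act on the poster that was looked up, so
# edit/update/destroy operate on whatever id the request supplies. An
# authorization check has to be declared separately.
class PostersController < ApplicationController
  # Callbacks run in declaration order: authenticate first, so a request
  # without a session is rejected before any record is looked up by id.
  before_action :authenticate_user!, except: :index
  before_action :set_poster, only: [:show, :edit, :update, :destroy]

  # GET /posters
  # GET /posters.json
  # The only action reachable without signing in; it lists every poster.
  def index
    @posters = Poster.all
  end

  # GET /posters/1
  # GET /posters/1.json
  # @poster is assigned by set_poster.
  def show
  end

  # GET /posters/new
  def new
    @poster = Poster.new
  end

  # GET /posters/1/edit
  # @poster is assigned by set_poster.
  def edit
  end

  # POST /posters
  # POST /posters.json
  def create
    @poster = Poster.new(poster_params)
    # The owner comes from the session, never from request parameters
    # (user_id is not in the permitted list).
    @poster.user_id = current_user.id

    respond_to do |format|
      if @poster.save
        format.html { redirect_to @poster, notice: 'Poster was successfully created.' }
        format.json { render action: 'show', status: :created, location: @poster }
      else
        format.html { render action: 'new' }
        format.json { render json: @poster.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /posters/1
  # PATCH/PUT /posters/1.json
  def update
    respond_to do |format|
      if @poster.update(poster_params)
        format.html { redirect_to @poster, notice: 'Poster was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @poster.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /posters/1
  # DELETE /posters/1.json
  def destroy
    @poster.destroy
    respond_to do |format|
      format.html { redirect_to posters_url }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    # Looks the record up by the id in the request; no ownership scoping.
    def set_poster
      @poster = Poster.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    # NOTE(review): `type` is the column ActiveRecord uses by default for
    # single-table inheritance. If Poster relies on STI, permitting it lets the
    # client choose the subclass - confirm that is intended.
    def poster_params
      params.require(:poster).permit(:title, :body, :publish_date, :type)
    end
end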

1 回答 1

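# Poster controller with CanCan-style resource loading and authorization.
#
# NOTE(review): no authentication callback is declared in this listing. If one
# is not inherited from ApplicationController, current_user can be nil in
# create - confirm against the rest of the application.
class PostersController < ApplicationController
  # create is excluded from automatic loading; it builds the record itself
  # from the permitted parameters (see poster_params).
  load_resource except: :create
  # index is deliberately left without an authorization check.
  # NOTE(review): what index may expose then depends on how the resource is
  # loaded and on the Ability definition, neither of which is shown here.
  authorize_resource except: :index

  # Resource assignment is left to load_resource.
  def index
  end

  # Resource assignment is left to load_resource.
  def new
  end

  # Resource assignment is left to load_resource.
  def edit
  end

  # POST /posters
  # POST /posters.json
  def create
    # Checked against the Poster class, before any instance is built from
    # request data.
    authorize! :create, Poster
    @poster = Poster.new(poster_params)
    # The owner comes from the session, never from request parameters
    # (user_id is not in the permitted list).
    @poster.user_id = current_user.id

    respond_to do |format|
      if @poster.save
        format.html { redirect_to @poster, notice: 'Poster was successfully created.' }
        format.json { render action: 'show', status: :created, location: @poster }
      else
        format.html { render action: 'new' }
        format.json { render json: @poster.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /posters/1
  # PATCH/PUT /posters/1.json
  def update
    respond_to do |format|
      # `update` replaces the deprecated `update_attributes` alias.
      if @poster.update(poster_params)
        format.html { redirect_to @poster, notice: 'Poster was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @poster.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /posters/1
  # DELETE /posters/1.json
  def destroy
    @poster.destroy
    respond_to do |format|
      format.html { redirect_to posters_url }
      format.json { head :no_content }
    end
  end

  private
    # Never trust parameters from the scary internet, only allow the white list through.
    # NOTE(review): `type` is the column ActiveRecord uses by default for
    # single-table inheritance. If Poster relies on STI, permitting it lets the
    # client choose the subclass - confirm that is intended.
    def poster_params
      params.require(:poster).permit(:title, :body, :publish_date, :type)
    end
end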
于 2013-09-12T14:57:11.190 回答