我是 Rails 的初学者,目前我正在做我的项目。这个想法是,当用户为某人买东西时,它可以创建一个包含我们这样的信息的交易:买了谁,花了多少钱,最后是一个短交易说明。我在数据库用户中创建了一个管理员列并初始化了一个管理员用户。我只为管理员限制了对索引操作的访问 - 管理员工作正常。 我希望管理员能够销毁索引视图中列出的事务。我为了实现这一目标而编写的内容不起作用。 这是索引视图的屏幕截图: https ://i.stack.imgur.com/pK1Rg.png
我在视图/事务/索引中的代码
<ul>
<% @transactions.each do |transaction| %>
<li>
<%= transaction.user_id %> |
<%= transaction.borrower_name %> |
<%= transaction.value %>
<%= button_to "Delete", action: "destroy", method: :delete,
params: { transaction: { transaction_id: transaction.id } } %>
</li>
<% end %>
</ul>
我的路线
Rails.application.routes.draw do
root 'static_pages#home'
get '/about', to: 'static_pages#about'
get '/help', to: 'static_pages#help'
get '/contact', to: 'static_pages#contact'
get '/signup', to: 'users#new'
get '/login', to: 'session#new'
post '/login', to: 'session#create'
delete '/logout', to: 'session#destroy'
get '/transactions', to: 'transactions#index'
post '/transactions/new', to: 'transactions#create'
get '/transactions/new', to: 'transactions#new'
post '/transactions/:id', to: 'transactions#edit'
delete '/transactions', to: 'transactions#destroy'
resources :users
resources :transactions
end
我的控制器
class TransactionsController < ApplicationController
#skip_before_action :is_logged_in?, only: [:index]
#before index and destroy action run check_admin -> ensure access only for admin user
before_action :check_admin?, only: [ :index, :destroy ]
def new
@transaction = Transaction.new
end
def create
#current_user
@transaction = current_user.transactions.build(transaction_params)
#check if borrower_name exists in db - it must exists to make a transaction
check = User.find_by(name: params[:transaction][:borrower_name])
if check != current_user
@transaction.save
flash[:success] = "You have made a transaction!"
redirect_to root_path
elsif check == current_user
flash[:danger] = "You try to make a transaction for yourself!"
render 'transactions/new'
else
flash[:danger] = "Something went wrong!Probably, the borrower is not registed."
render 'transactions/new'
end
end
def index
@transactions = Transaction.all
end
def edit
#get transactions where current_user borrows money from someone
@transaction = Transaction.where(id: params[:transaction][:transaction_id])
if params[:transaction][:active]
@transaction.update(active: params[:transaction][:active], activated_at: Time.zone.now)
else
@transaction.update(active: params[:transaction][:active])
end
redirect_to transaction_path(current_user)
end
def show
#grab the transactions assosiated with the user -
#user lends money - passive transactions
if current_user
#current_user lends money
@lend_transaction = current_user.transactions
#current_user borrows money
@borrow_transaction = Transaction.where(borrower_name: current_user.name)
end
end
def destroy
@transaction = Transaction.find(params[:transaction][:transaction_id])
@transaction.destroy
flash[:success] = "Transaction has been removed!"
redirect_to transactions_path
end
private
def transaction_params
params.require(:transaction).permit(:borrower_name, :value)
end
def check_admin?
#check if current_user has admin => true
redirect_to root_url unless current_user.admin
end
end
当我单击“删除”时,日志中会发生以下情况:https : //i.stack.imgur.com/A1HU8.png 我被重定向到 root_path - 很奇怪,看看创建操作。我不明白为什么它说“未经许可的参数::transaction_id”。我也不明白为什么在我点击“删除”后会出现一条消息:“你已经进行了交易!” 发生。这种闪光应该发生在创建动作中。这是html:
我将不胜感激任何帮助。
这是与 current_user 相关的 helpers/session_helper 代码部分:
#method to determine a current user
module SessionHelper
def current_user
#if there is a session -> use session hash
if session[:user_id]
#nil or equal
@current_user ||= User.find_by(id: session[:user_id])
#if there are cookies -> use cookies to operate log in
elsif cookies.encrypted[:user_id]
#find the user by the encrypted user_id key
user = User.find_by(id: cookies.encrypted[:user_id])
#if user exists and the remember token authentication succeed
#log in and set @current_user to user
if user && user.authenticated?(cookies[:remember_token])
log_in(user)
@curent_user = user
end
end
end