Pundit 在 Rails 4 应用程序中授权 @user 时出错 [Pundit::NotAuthorizedError in UsersController#destroy]
Pundit Error with authorize @user in Rails 4 Application [Pundit::NotAuthorizedError in UsersController#destroy]
我在 Rails 4 应用程序中尝试删除用户时遇到以下错误。
Pundit::NotAuthorizedError in UsersController#destroy
not allowed to destroy? this #<User:0x005595f691bd10>
Extracted source (around line #30):
@user = User.find(params[:id])
# debugger
authorize current_user
@user.destroy
redirect_to users_path, :notice => "User deleted."
end
我正在给 用户控制器 波纹管:
class UsersController < ApplicationController
before_filter :authenticate_user!
before_action :set_menu
def index
@users = User.all.page(params[:page]).per(8)
authorize @users
end
def show
@user = User.find(params[:id])
authorize @user
end
def update
@user = User.find(params[:id])
#authorize @user
if @user.update_attributes(secure_params)
redirect_to users_path, :notice => "User updated."
else
redirect_to users_path, :alert => "Unable to update user."
end
end
def destroy
@user = User.find(params[:id])
authorize @user
@user.destroy
redirect_to users_path, :notice => "User deleted."
end
private
def secure_params
params.require(:user).permit(:role)
end
def set_menu
store_menu("User")
end
end
下面是我的用户模型代码
class User < ActiveRecord::Base
enum role: [:admin,:user]
after_initialize :set_default_role, :if => :new_record?
def set_default_role
self.role ||= :user
end
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
has_one :customer
# has_one :customer, dependent: :destroy
end
下面是我的用户政策文件
class UserPolicy < ApplicationPolicy
attr_reader :user, :model
def initialize(user, model)
@user = user
@model = model
end
def index?
@user.admin?
end
class Scope < Scope
def resolve
scope
end
end
end
如何解决特定用户的删除或销毁操作错误?
您应该在 user_policy.rb 中添加删除方法,如下所示
def destroy?
current_user = @user
end
让销毁工作。
我在 Rails 4 应用程序中尝试删除用户时遇到以下错误。
Pundit::NotAuthorizedError in UsersController#destroy
not allowed to destroy? this #<User:0x005595f691bd10>
Extracted source (around line #30):
@user = User.find(params[:id])
# debugger
authorize current_user
@user.destroy
redirect_to users_path, :notice => "User deleted."
end
我正在给 用户控制器 波纹管:
class UsersController < ApplicationController
before_filter :authenticate_user!
before_action :set_menu
def index
@users = User.all.page(params[:page]).per(8)
authorize @users
end
def show
@user = User.find(params[:id])
authorize @user
end
def update
@user = User.find(params[:id])
#authorize @user
if @user.update_attributes(secure_params)
redirect_to users_path, :notice => "User updated."
else
redirect_to users_path, :alert => "Unable to update user."
end
end
def destroy
@user = User.find(params[:id])
authorize @user
@user.destroy
redirect_to users_path, :notice => "User deleted."
end
private
def secure_params
params.require(:user).permit(:role)
end
def set_menu
store_menu("User")
end
end
下面是我的用户模型代码
class User < ActiveRecord::Base
enum role: [:admin,:user]
after_initialize :set_default_role, :if => :new_record?
def set_default_role
self.role ||= :user
end
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
has_one :customer
# has_one :customer, dependent: :destroy
end
下面是我的用户政策文件
class UserPolicy < ApplicationPolicy
attr_reader :user, :model
def initialize(user, model)
@user = user
@model = model
end
def index?
@user.admin?
end
class Scope < Scope
def resolve
scope
end
end
end
如何解决特定用户的删除或销毁操作错误?
您应该在 user_policy.rb 中添加删除方法,如下所示
def destroy?
current_user = @user
end
让销毁工作。