我正在使用 devise_invitable
gem 在我的应用程序中启用邀请以及为 rails 3 应用程序设计。我有一个 User
和 Profile
模型。在 User
中,有一个 role
列给出了用户类型。
现在,我想通过将此范围路由范围限定为 devise/invitations#new
将创建新邀请的功能仅限于管理员,其中 user.role=='admin'
将其余路由开放给所有人。像这样的东西
MyApp::Application.routes.draw do
devise_for :users, skip: [:registrations, :invitations]
as :user do
get 'users/edit' => 'devise/registrations#edit', as: 'edit_user_registration'
put 'users' => 'devise/registrations#update', as: 'user_registration'
# manually define alll devise_invitable routes, except devise/invitations#new
# accept_user_invitation GET /users/invitation/accept(.:format) devise/invitations#edit
# user_invitation POST /users/invitation(.:format) devise/invitations#create
# also the #accept route goes here
end
resource :profile, except: :destroy
authenticated :user, lambda {|u| u.role == "admin"} do
resources :user, controller: "user"
#only allow admin to invite other users
# new_user_invitation GET /users/invitation/new(.:format) devise/invitations#new
end
root to: 'profiles#show'
end
可能的?另外,做同样事情的更好方法是什么?
最佳答案
如果不使用标准路由并在 Invitations Controller 中使用 before_filter 来检查仅针对 new 和 create 操作的管理员状态呢?
class Devise::InvitationsController < DeviseController
...
before_filter :is_admin?, :only => [:new, :create]
...
end
看起来 devise_invitable gem 实际上也在内部使用了这个方法:
class Devise::InvitationsController < DeviseController
before_filter :authenticate_inviter!, :only => [:new, :create]
before_filter :has_invitations_left?, :only => [:create]
before_filter :require_no_authentication, :only => [:edit, :update]
...
end
根据他们的 Readme :
To change the controller’s behavior, create a controller that inherits from Devise::InvitationsController. The available methods are: new, create, edit, and update. You should read the original controllers source before editing any of these actions.
我只想复制他们的默认 Controller 并尝试添加我自己的自定义 is_admin? before_filter 在那里用于新建和创建操作。当然,您还必须定义 is_admin? before 过滤器调用的方法。
关于ruby-on-rails - devise_invitable : Only allow admin to invite users,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14175961/