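To allow multiple people to be administrators of a business page, we created a model called "Administration", in which people can apply to become an administrator of a business. A status of "0" is "pending" and a status of "1" is accepted.
How can I prevent users from editing a page while their status is still "0" (pending)?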
class Administration < ActiveRecord::Base
  attr_accessible :business_id, :user_id, :status
  belongs_to :user
  belongs_to :business
  scope :pending, where('status = ?',0).order("updated_at desc")
  def self.new_by_user_business( user, business)
    admin = self.new
    admin.business_id = business.id
    admin.user_id = user.id
    admin.status = 0
    admin.save!
  end
end
Here is the current "edit page":
<h1>Editing business</h1>
<%= render 'form1' %>
Here is the business controller:
class BusinessesController < ApplicationController
  respond_to :html, :xml, :json
  before_filter :authenticate_user!, except: [:index, :show]
  def index
    @businesses = Business.all
    respond_with(@businesses)
  end
  def show
    @business = Business.find(params[:id])
    if request.path != business_path(@business)
        redirect_to @business, status: :moved_permanently
    end
  end
  def new
    @business = Business.new
    3.times { @business.assets.build }
    respond_with(@business)
  end
  def edit
    @business = get_business(params[:id])
    @avatar = @business.assets.count
    @avatar = 3-@avatar
    @avatar.times {@business.assets.build}
  end
  def create
    @business = Business.new(params[:business])
    if @business.save
      redirect_to @business, notice: 'Business was successfully created.'
    else
      3.times { @business.assets.build }
      render 'new'
    end
  end
  def update
    @business = get_business(params[:id])
    if @business.update_attributes(params[:business])
      flash[:notice] = "Successfully updated Business."
    end
    @avatar = @business.assets.count
    @avatar = 3-@avatar
    @avatar.times {@business.assets.build}
    respond_with(@business)
  end
  def destroy
    @business = get_business(params[:id])
    @business.destroy
    respond_with(@business)
  end
  def my_business
    @business = Business.all
  end
  def business_tickets
    @user = current_user
    @business = get_business(params[:id])
    @tickets  = @business.tickets
    @business_inbox = TicketReply.where(:email => @business.callred_email)
  end
  def your_business
    @user = current_user
    @business = get_business(params[:id])
      if @business.users.map(&:id).include? current_user.id
        redirect_to my_business_businesses_path, notice: 'You are already an administrator of this business.'
      else
        @admin = Administration.new_by_user_business( @user, @business)
          BusinessMailer.delay(queue: "is_your_business", priority: 20, run_at: 5.minutes.from_now).is_your_business(@user,@business)
          redirect_to @business, notice: 'Thank you for claiming your business, and we will be in touch with you shortly.'
      end
  end
  def view_message
  #  @business = Business.find(params[:business_id])
    @ticket = Ticket.find(params[:id])
    @reply = @ticket.ticket_replies
  end
  private
  def get_business(business_id)
    @business = Business.find(business_id)
  end
end
Posted on 2014-02-28 21:17:16
You can add a before_filter to check the status. You will have to change some of the logic, but this is the idea:
class BusinessesController < ApplicationController
  before_filter :restrict_access, :only => [:edit, :update]
  private
  def restrict_access
    @business = get_business(params[:id])
    redirect_to root_path, :notice => "Not Authorized" unless current_user.status == 1
  end
end
https://stackoverflow.com/questions/22105920
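An added example, not part of the original question or answer: in the question's model the status is stored on the Administration record for a (user, business) pair, so this sketch keys the check on both IDs and denies access when no accepted record exists. It is plain Ruby over constructed in-memory records; `accepted_admin?`, `restrict_access` and the sample data are hypothetical names, and the ActiveRecord query in the comment is an assumed equivalent.

```ruby
# Added example (plain Ruby, no Rails). Administration mirrors the question's
# join model; all records below are constructed sample data.
Administration = Struct.new(:user_id, :business_id, :status)

PENDING  = 0 # claim submitted, awaiting approval
ACCEPTED = 1 # claim approved

# Hypothetical helper: true only when this user holds an ACCEPTED
# administration for this specific business. A missing record, a pending
# record, or an accepted record for a different business all deny access.
# Assumed ActiveRecord equivalent:
#   Administration.where(user_id: user.id, business_id: business.id,
#                        status: 1).exists?
def accepted_admin?(administrations, user_id, business_id)
  administrations.any? do |a|
    a.user_id == user_id && a.business_id == business_id && a.status == ACCEPTED
  end
end

# Hypothetical stand-in for a before_filter on edit/update:
# :ok lets the action run, :redirect halts it.
def restrict_access(administrations, user_id, business_id)
  accepted_admin?(administrations, user_id, business_id) ? :ok : :redirect
end

SAMPLE_ADMINISTRATIONS = [
  Administration.new(1, 10, ACCEPTED), # user 1 approved for business 10
  Administration.new(2, 10, PENDING),  # user 2 claimed business 10, pending
  Administration.new(2, 20, ACCEPTED)  # user 2 approved for business 20 only
].freeze

if __FILE__ == $PROGRAM_NAME
  [[1, 10], [2, 10], [2, 20], [3, 10]].each do |user_id, business_id|
    result = restrict_access(SAMPLE_ADMINISTRATIONS, user_id, business_id)
    puts "user #{user_id} -> business #{business_id}: #{result}"
  end
end
```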