我正在开发一个Web应用程序,用户可以在其中创建和管理他们的慢跑会话(Jogs).管理员用户应该能够删除任何慢跑,而普通用户应该只能删除他们自己的慢跑.此外,经理应该能够删除自己的JOG,但不能删除其他用户的JOG.我已经在控制器的销毁操作中设置了适当的条件来处理这些权限.然而,尽管实现了这些条件,我仍然面临着删除功能的问题:
作为管理员,我可以删除我自己的Jog,但我无法删除其他用户创建的Jog,链接会显示出来,但当我点击它时,我会返回到我的rooturl,什么都不会发生,也不会出现任何错误.
class JogsController < ApplicationController
before_action :logged_in_user, only: [:create, :destroy]
before_action :correct_user, only: :destroy
before_action :set_jog, only: [:show, :edit, :update, :destroy]
before_action :authorize_jog_deletion, only: :destroy
def weekly_report
@jog = Jog.find(params[:id])
@selected_week = params[:week].to_i if params[:week].present?
结束
def create
@jog = current_user.jogs.build(jog_params)
if @jog.save
flash[:success] = "Jog session created!"
redirect_to root_url
else
@feed_items = current_user.feed.paginate(page: params[:page])
r结束er 'static_pages/home'
结束
结束
def destroy
authorize_jog_deletion
@jog.destroy
flash[:success] = "Jog deleted"
redirect_to request.referrer || root_url
结束
私有
def jog_params
params.require(:jog).permit(:distance_km, :duration_minutes, :date)
结束
def correct_user
@jog = current_user.jogs.find_by(id: params[:id])
redirect_to root_url if @jog.nil?
结束
def set_jog
@jog = Jog.find(params[:id])
结束
def authorize_jog_deletion
unless current_user.admin? ||
(@jog.user == current_user) ||
(current_user.manager? && current_user == @jog.user)
flash[:danger] = "You are not authorized to delete this jog"
redirect_to (root_url)
结束
结束
结束
App/view/jogs/_jog.html.erb
<div class="weekly-report-button-container">
<%= link_to "View Weekly Report", weekly_report_jog_path(jog), class: "btn btn-primary" %>
</div class="weekly-report-button-container">
<li id="jog-<%= jog.id %>">
<%= link_to gravatar_for(jog.user, size: 50), jog.user %>
<span class="user"><%= link_to jog.user.name, jog.user %></span>
<span class="content">
Distance: <%= jog.distance_km %> km |
Duration: <%= jog.duration_minutes %> minutes |
Date: <%= jog.date.strftime('%Y-%m-%d') %>
</span>
<span class="average-speed">Average Speed: <%= jog.average_speed %> km/h</span>
<span class="timestamp">
Jogged on the site <%= time_ago_in_words(jog.date) %> ago.
<% if current_user.admin? || (current_user.manager? && jog.user_id == current_user.id) || (jog.user_id == current_user.id) %>
<%= button_to "delete", jog_path(jog), method: :delete, data: { confirm: "Are you sure you want to delete this jog?" } %>
<% 结束 %>
</span>
</li>
app/models/jog.rb
类应用程序记录(&L) 归属者:用户
验证:user_id,Presence:True 验证:日期,存在:真,包含:{in:(Date.new(2020)..Date.Today)} 验证:距离_公里,存在:真,数值:{大于:0} 验证:持续时间_分钟,状态:真
Def admin? 行政部 结束
Def经理? 经理 结束
Def self.Callate_Week_Total_Discipline(用户) Week_Total=}
user.jogs.each do |jog|
week = jog.date.cweek
weekly_total_distance[week] ||= 0
weekly_total_distance[week] += jog.distance_km
结束
weekly_total_distance
结束
定义平均速度 如果持续时间_分钟为零,则返回0?
(distance_km / duration_hours).round(2)
结束
私有
def duration_hours duration_minutes / 60.0 结束 结束
config/routes.rb
Rails.application.routes.draw do
root 'static_pages#home'
get 'help' => 'static_pages#help'
get 'about' => 'static_pages#about'
get 'contact' => 'static_pages#contact'
get 'signup' => 'users#new'
get 'login' => 'sessions#new'
post 'login' => 'sessions#create'
delete 'logout' => 'sessions#destroy'
resources :users do
member do
get :following, :followers
结束
结束
resources :users
resources :account_activations, only: [:edit]
resources :password_resets, only: [:new, :create, :edit, :update]
resources :jogs, only: [:create, :destroy]
resources :relationships, only: [:create, :destroy]
resources :jogs do
member do
get :weekly_report
结束
结束
结束
我还try 将删除链接切换到一个按钮,并且我已经确认在控制器的销毁操作中正确设置了条件.尽管做出了所有这些努力,我仍然面临着这些问题.此外,其他删除链接在我的应用程序中也可以使用,但这个不能.