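I'm having trouble assigning a role to the current user in a team that the user creates. I want to assign the role of captain to the user who creates the team, which can be changed later.

I'm currently using the create_association method that comes with the has_one relationship, since it instantiates the values of the associated model, and I want to instantiate it with the current user, but I get the error Can't mass assign protected attribute: captain. Captain is a self-join model with User, because I want to use captain.teammates and team.captain. Below are the models involved.

Setting an ID as a default foreign key in Rails

User and Captain model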

    class User < ActiveRecord::Base
      has_one :profile
      has_many :teammates, :class_name => "User", :foreign_key => "captain_id"
      belongs_to :captain, :class_name => "User"
      belongs_to :team

      # before_create :build_profile
      after_create :build_default_profile
      accepts_nested_attributes_for :profile
      attr_accessible :email, :password, :password_confirmation, :profile_attributes, :captain_id

      def build_default_profile
        Profile.create(user_id: self.id)
      end

      has_secure_password

      before_save { email.downcase! }
      before_save :create_remember_token

      VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
      validates :email, presence: true, format: { with: VALID_EMAIL_REGEX },
                        uniqueness: { case_sensitive: false }
      validates :password, presence: true, length: { minimum: 6 }
      validates :password_confirmation, presence: true

      private

      def create_remember_token
        self.remember_token = SecureRandom.urlsafe_base64
      end
    end

Team model

    class Team < ActiveRecord::Base
      has_many :profiles, through: :users
      has_one :captain, :class_name => "User", foreign_key: :captain_id
      has_one :result, as: :result_table

      attr_accessible :teamname, :color, :result_attributes, :captain_attributes

      after_create :build_result_table
      after_create :build_default_captain
      accepts_nested_attributes_for :profiles
      accepts_nested_attributes_for :captain
      accepts_nested_attributes_for :result

      def build_result_table
        Result.create(result_table_id: self.id, result_table_type: self.class.name)
      end

      def build_default_captain
        # Team.captain = User
        # Captain.create(team_id: self.id, captain_id: user.id)
      end
    end

Users controller

    class UsersController < ApplicationController
      before_filter :signed_in_user, only: [:index, :edit, :update, :destroy]
      before_filter :correct_user, only: [:edit, :update]
      before_filter :admin_user, only: :destroy

      def new
        @user = User.new
      end

      def create
        @user = User.new(params[:user])
        if @user.save!
          sign_in @user
          flash[:success] = "Welcome to the JHDC Mini Olympics Web Application; Thanks for singing Up"
          redirect_to user_profile_path(@user, @profile)
        else
          flash[:error_messages]
          render 'new'
        end
      end

      def show
        @user = User.find(params[:id])
      end

      def index
        @users = User.paginate(page: params[:page])
      end

      def edit
        @user = User.find(params[:id])
      end

      def update
        @user = User.find(params[:id])
        if @user.update_attributes(params[:user])
          flash[:success] = "Profile Updated"
          redirect_to user_profile_path(@user, @profile)
        else
          render 'edit'
        end
      end

      def destroy
        User.find(params[:id]).destroy
        flash[:success] = "User deleted."
        redirect_to users_url
      end

      private

      def signed_in_user
        unless signed_in?
          store_location
          redirect_to signin_url, notice: "Please sign in."
        end
      end

      def correct_user
        @user = User.find(params[:id])
        redirect_to(root_path) unless current_user?(@user)
      end

      def admin_user
        redirect_to(root_path) unless current_user.admin?
      end

      def user_params
        params.require(:user).permit(:email, :password, :password_confirmation)
      end
    end

Teams controller

    class TeamsController < ApplicationController
      def new
        @team = Team.new
      end

      def create
        @team = Team.new(params[:team])
        @captain = @team.create_captain(captain: current_user)
        if current_user.admin?
          if @team.save!
            flash[:success] = "Team created."
            redirect_to @team
          else
            flash[:error_messages]
            render 'new'
          end
        else
          flash[:error] = "Sorry, you don't have the authority to create a Team"
          redirect_to current_user
        end
      end

      def index
        @teams = Team.paginate(page: params[:page])
      end

      def show
        @team = Team.find(params[:id])
      end

      def edit
        if current_user.admin?
          @team = Team.find(params[:id])
        else
          flash[:error] = "Sorry you dont have the authourity to edit a Team"
          redirect_to current_user
        end
      end

      def update
        @team = Team.find(params[:id])
        if @team.update_attributes(params[:team])
          flash[:success] = "Team Updated"
          redirect_to @team
        else
          render 'edit'
        end
      end

      def destroy
        Team.find(params[:id]).destroy
        flash[:success] = "Team is deleted."
        redirect_to teams_url
      end

      private

      def team_params
        params.require(:team).permit(:teamname, :color)
      end
    end

Admin is currently the way I restrict which users can create a team, but I plan to use a gem like declarative authorization to create role-based authorization. Due to
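
I understand your logic, @rorra, but now I get the error 'uninitialized constant Team::Captain'. – 2015-02-23 22:25:02
The line 'captain_id_changed?' throws an error; it is treated as an undefined method. Please explain that part. – 2015-02-23 22:56:05
Got it, added a new answer after seeing your comment – rorra 2015-02-23 22:57:17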
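
The following is an added example, not code from the original post or from its answers. It is a plain-Ruby stand-in for the whitelist behaviour behind the "Can't mass assign protected attribute" error in the question, showing the captain being set on the server from the authenticated user while a request-supplied captain_id is ignored. `MassAssignable`, `ProtectedAttributeError`, `accessible`, `assign` and `create_team` are hypothetical names, not Rails APIs, and the `Team` class here is a simplified stand-in for the model above.

```ruby
# Hypothetical plain-Ruby model of attr_accessible-style whitelisting (not Rails code).
class ProtectedAttributeError < StandardError; end

module MassAssignable
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Declare which attributes may be set in bulk from untrusted input.
    def accessible(*names)
      @accessible = names.map(&:to_s)
      attr_accessor(*names)
    end

    def accessible_names
      @accessible || []
    end
  end

  # Bulk assignment: a key outside the whitelist raises, mirroring the
  # error message quoted in the question.
  def assign(attrs)
    attrs.each do |key, value|
      unless self.class.accessible_names.include?(key.to_s)
        raise ProtectedAttributeError, "Can't mass assign protected attribute: #{key}"
      end
      public_send("#{key}=", value)
    end
    self
  end
end

class Team
  include MassAssignable
  accessible :teamname, :color
  attr_accessor :captain_id # protected: only explicit assignment can set it
end

# Controller-side logic: keep only the permitted keys (as team_params does on
# the page), then take the captain from the signed-in user, never from params.
def create_team(params, current_user_id)
  permitted = params.select { |key, _| %w[teamname color].include?(key.to_s) }
  team = Team.new.assign(permitted)
  team.captain_id = current_user_id
  team
end
```

The same reasoning applies to the `User` model above: listing `:captain_id` in `attr_accessible` while passing `params[:user]` straight into `update_attributes` lets any request change that field.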