
Devise in Rails 3.1.1, adding an admin user via seed?

Developer https://www.devze.com 2023-04-11 23:10 Source: web
I have a sample Rails 3.1.1 application in which I have set up Devise to manage the user accounts etc.


I ran the following steps to add an admin attribute to the user table:

$ rails generate migration add_admin_to_user admin:boolean

Added the following to my migration:

class AddAdminToUser < ActiveRecord::Migration
  def self.up
    add_column :users, :admin, :boolean, :default => false
  end

  def self.down
    remove_column :users, :admin
  end
end

I then ran the db:migrate and added the following to my layout file:

<% if current_user.admin? %>
  You are ADMIN.
<% end %>

Then, to add the first admin user I used the following seed file:

puts 'SETTING UP DEFAULT USER LOGIN'
user = User.create! :name => 'Test User', :email => 'test@test.com', :password => 'password', :password_confirmation => 'password'
puts 'New user created: ' << user.name

That worked, so I then adapted it with the admin field:

puts 'SETTING UP DEFAULT USER LOGIN'
user = User.create! :name => 'Test User', :email => 'test@test.com', :password => 'password', :password_confirmation => 'password', :admin => 'true'
puts 'New user created: ' << user.name

The above seed file worked, but the admin flag isn't being shown.

Have I missed something?

Update: models/user.rb

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :name, :email, :password, :password_confirmation, :remember_me
end


Don't add admin to attr_accessible. This could lead to a major security breach. A malicious user could send a PUT request as follows:

put /users/17?admin=1

which would grant user with id 17 admin privileges. The whole point of attr_accessible is to define which attributes are accessible to your model. This one in particular is probably not one you want available.

Instead, I suggest that you create your sample user with a rake file. Place a file (user_data.rake) in lib/tasks with the following and it should do the trick.

namespace :db do
  desc "Fill database with sample data"
  task populate: :environment do
    admin = User.create!(name: "Test User",
                 email: "test@test.com",
                 password: "password",
                 password_confirmation: "password")
    admin.toggle!(:admin)
  end
end

This defines a task db:populate and should be all you need for creating your sample user.

Having already done a db:migrate, just run db:reset, db:populate.

Note the admin.toggle!. That is where the magic happens.

The toggle method should be used with caution since it bypasses callbacks and validations you have defined for your model. In the case I've mentioned, since you are using it from a rake task manually there is no risk that it could be used maliciously in mass-assignment. You can find more information on the toggle method here: http://apidock.com/rails/ActiveRecord/Base/toggle


I agree, don't add :admin to attr_accessible, that advice was crazy. As for saneshark, why create a task when that is the purpose of seed? Just put the toggle inside your db/migrate/seeds.rb file. In your seed file change:

puts 'SETTING UP DEFAULT USER LOGIN'
user = User.create! :name => 'Test User', :email => 'test@test.com', :password => 'password', :password_confirmation => 'password', :admin => 'true'
puts 'New user created: ' << user.name

to:

puts 'SETTING UP DEFAULT USER LOGIN'
user = User.create! :name => 'Test User', :email => 'test@test.com', :password => 'password', :password_confirmation => 'password'
user.toggle!(:admin)
puts 'New user created: ' << user.name
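Both answers make the same point: keep :admin off the attr_accessible whitelist so that request parameters can never set it, and grant the flag only from trusted code (a rake task or the seed file) via toggle!. The example below is added here and is not code from either answer or from Devise; it is a plain-Ruby stand-in for an ActiveRecord model that reproduces the attr_accessible semantics, so it runs without Rails. The constant ACCESSIBLE, the methods user_from_request and seed_admin, and the TAMPERED_PARAMS hash are all constructed for the illustration. It also explains the asker's symptom: passing :admin => 'true' to create! is silently discarded by the whitelist, just like the tampered request.

```ruby
# Added example, not from the original answers: a pure-Ruby model of the
# attr_accessible whitelist, showing why :admin must stay off the list and
# how a trusted seed/rake path sets it instead. No ActiveRecord required.

class User
  # Attributes a web request may set through mass assignment (the analogue of
  # attr_accessible in the question's model). :admin is deliberately absent.
  ACCESSIBLE = %i[name email password password_confirmation remember_me].freeze

  attr_reader :name, :email, :password, :password_confirmation, :remember_me
  attr_accessor :admin # settable only by explicit, trusted code

  def initialize(attributes = {})
    @admin = false
    assign_attributes(attributes)
  end

  # Mass assignment: keys not in ACCESSIBLE are dropped, as attr_accessible does
  # (Rails 3.1 logs a "Can't mass-assign protected attributes" warning for them).
  def assign_attributes(attributes)
    attributes.each do |key, value|
      key = key.to_sym
      next unless ACCESSIBLE.include?(key)

      instance_variable_set("@#{key}", value)
    end
    self
  end

  # The seed/rake path: flips the flag directly, outside mass assignment.
  def toggle!(attribute)
    raise ArgumentError, 'only :admin is toggleable in this example' unless attribute == :admin

    @admin = !@admin
    self
  end

  def admin?
    admin == true
  end
end

# Constructed untrusted request parameters, modelled on the first answer's
# `put /users/17?admin=1`. The admin key must be ignored by mass assignment.
TAMPERED_PARAMS = { 'name' => 'Mallory', 'email' => 'mallory@example.com', 'admin' => '1' }.freeze

# What a controller doing User.new(params[:user]) would produce.
def user_from_request(params)
  User.new(params)
end

# What the seed file / rake task from the answers does: create, then toggle!.
def seed_admin
  user = User.new(name: 'Test User', email: 'test@test.com',
                  password: 'password', password_confirmation: 'password')
  user.toggle!(:admin)
end

if __FILE__ == $PROGRAM_NAME
  puts "tampered request admin? => #{user_from_request(TAMPERED_PARAMS).admin?}" # false
  puts "seed with :admin key    => #{User.new(name: 'x', admin: 'true').admin?}" # false
  puts "seeded via toggle!      => #{seed_admin.admin?}"                         # true
end
```

The whitelist treats the seed file and an attacker's request identically, which is exactly why the asker's `:admin => 'true'` had no effect; the fix is not to widen the whitelist but to set the flag through a code path that request parameters can never reach.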
