添加针对博客撰写、编辑、删除功能的权限控制

2016-01-08 19:09:49 +08:00 · 2016-01-08 19:09:49 +08:00 · 133bb03350
parent e2d8649aae
commit 133bb03350
4 changed files with 10 additions and 7 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -2,7 +2,7 @@ class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
-  helper_method :current_user, :is_logined?, :current_user_is_admin?, :get_categories_options, :current_user_can_star?,
+  helper_method :current_user, :is_logined?, :current_user_is_admin?, :current_user_is_author?, :get_categories_options, :current_user_can_star?,
                :current_user_can_edit_comment?, :markdown_parser

  rescue_from Exception, with: :error_500 unless Rails.env.development?
@ -23,6 +23,10 @@ class ApplicationController < ActionController::Base
    @current_user && @current_user.admin
  end

+  def current_user_is_author?(article)
+      @current_user.id == article.user_id
+  end
+
  def current_user_can_star?(article)
    return false unless @current_user
    !article.article_stars.find_by(user_id: @current_user.id).present?
--- a/app/controllers/articles_controller.rb
+++ b/app/controllers/articles_controller.rb
@ -1,5 +1,5 @@
 class ArticlesController < ApplicationController
-  before_filter :check_current_user_is_admin, only: [:new, :create, :edit, :update]
+ # before_filter :check_current_user_is_admin, only: [:new, :create, :edit, :update]
  before_filter :article, only: [:show, :edit, :update, :destroy, :star]
  
  def index
--- a/app/views/articles/show.html.haml
+++ b/app/views/articles/show.html.haml
@ -4,7 +4,7 @@
    - if @article.source.empty?
      [原创]
    = @article.title
-    - if current_user_is_admin?
+    -if current_user_is_author?(@article) || current_user_is_admin?
      = link_to edit_article_path(@article) do
        %span.icon.icon-edit
      = link_to article_path(@article), method: 'delete', "data-confirm"=> "确定删除吗？" do
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@ -33,7 +33,6 @@
                        = gravatar_image_tag @current_user.email, size: 100, alt: @current_user.nickname, gravatar: {default: 'https://secure.gravatar.com/avatar/08f077ea061585744ee080824f5a8e65.png?r=PG&d=identicon&s=64'}
                    %li
                      = link_to '设置', set_blogs_path
-                    - if current_user_is_admin?
                    %li
                      = link_to '写博客', new_article_path
                    %li