Merge pull request #5 from E2S2015/privilege

添加针对博客撰写、编辑、删除功能的权限控制
This commit is contained in:
thedreamwork 2016-01-14 20:07:38 +08:00
commit 3d5b45ab96
4 changed files with 10 additions and 7 deletions


@ -2,7 +2,7 @@ class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception. # Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead. # For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception protect_from_forgery with: :exception
helper_method :current_user, :is_logined?, :current_user_is_admin?, :get_categories_options, :current_user_can_star?, helper_method :current_user, :is_logined?, :current_user_is_admin?, :current_user_is_author?, :get_categories_options, :current_user_can_star?,
:current_user_can_edit_comment?, :markdown_parser :current_user_can_edit_comment?, :markdown_parser
rescue_from Exception, with: :error_500 unless Rails.env.development? rescue_from Exception, with: :error_500 unless Rails.env.development?
@ -23,6 +23,10 @@ class ApplicationController < ActionController::Base
@current_user && @current_user.admin @current_user && @current_user.admin
end end
def current_user_is_author?(article)
@current_user.id == article.user_id
end
def current_user_can_star?(article) def current_user_can_star?(article)
return false unless @current_user return false unless @current_user
!article.article_stars.find_by(user_id: @current_user.id).present? !article.article_stars.find_by(user_id: @current_user.id).present?
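Review bot: `current_user_is_author?` dereferences `@current_user.id` with no nil guard, so a logged-out visitor reaching any view that calls it gets a NoMethodError on nil; the neighbouring helpers `current_user_is_admin?` and `current_user_can_star?` both check `@current_user` first. Add the same guard, e.g. `return false unless @current_user` on the first line, or write the body as `@current_user.present? && @current_user.id == article.user_id`. Because `rescue_from Exception, with: :error_500` is active outside development, the symptom in production would be a 500 on the article page rather than a visible trace. This helper is an authorization predicate, so it also deserves a one-line comment such as `# true only when a user is logged in and owns the article`, and it should be called from the controller as well as the view; the hunks shown here only use it in a template.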


@ -1,5 +1,5 @@
class ArticlesController < ApplicationController class ArticlesController < ApplicationController
before_filter :check_current_user_is_admin, only: [:new, :create, :edit, :update] # before_filter :check_current_user_is_admin, only: [:new, :create, :edit, :update]
before_filter :article, only: [:show, :edit, :update, :destroy, :star] before_filter :article, only: [:show, :edit, :update, :destroy, :star]
def index def index
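Review bot: Commenting out `check_current_user_is_admin` leaves `new`, `create`, `edit` and `update` with no server-side authorization at all, unless the actions themselves check (their bodies are outside this hunk); the view-side `current_user_is_author?(@article) || current_user_is_admin?` only hides links, and a direct PATCH or DELETE to `/articles/:id` would still reach the action. The same check the view performs should run as a filter in the controller, placed after the `:article` filter so `@article` is loaded, and `new`/`create` should at least require a login now that they are no longer admin-only. The dead `# before_filter` line should be deleted rather than left commented out. A sketch of the filters is below; the private helpers belong at the end of the class, which is outside the hunk.
```ruby
class ArticlesController < ApplicationController
  before_filter :require_login, only: [:new, :create, :edit, :update, :destroy]
  before_filter :article, only: [:show, :edit, :update, :destroy, :star]
  before_filter :require_author_or_admin, only: [:edit, :update, :destroy]

  # … unchanged: actions …

  private

  # Writing requires a session; is_logined? is provided by ApplicationController.
  def require_login
    redirect_to root_path unless is_logined?
  end

  # Server-side counterpart of the view check: only the author or an admin may modify.
  def require_author_or_admin
    return if current_user_is_author?(@article) || current_user_is_admin?
    render nothing: true, status: :forbidden
  end
```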


@ -4,7 +4,7 @@
- if @article.source.empty? - if @article.source.empty?
[原创] [原创]
= @article.title = @article.title
- if current_user_is_admin? -if current_user_is_author?(@article) || current_user_is_admin?
= link_to edit_article_path(@article) do = link_to edit_article_path(@article) do
%span.icon.icon-edit %span.icon.icon-edit
= link_to article_path(@article), method: 'delete', "data-confirm"=> "确定删除吗?" do = link_to article_path(@article), method: 'delete', "data-confirm"=> "确定删除吗?" do
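Review bot: The new condition is written `-if current_user_is_author?(@article) || current_user_is_admin?` while the line above uses `- if @article.source.empty?`; use `- if` here too so the template stays consistent. Note also that this conditional is evaluated for anonymous visitors of the show page, and `current_user_is_author?` as added in this commit compares `@current_user.id` without a nil check, so the template will raise rather than simply hide the links until that helper guards against a nil `@current_user`. Hiding the edit and delete links is a usability measure only; the actual restriction has to live in the controller actions that `edit_article_path` and the DELETE link target.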


@ -33,9 +33,8 @@
= gravatar_image_tag @current_user.email, size: 100, alt: @current_user.nickname, gravatar: {default: 'https://secure.gravatar.com/avatar/08f077ea061585744ee080824f5a8e65.png?r=PG&d=identicon&s=64'} = gravatar_image_tag @current_user.email, size: 100, alt: @current_user.nickname, gravatar: {default: 'https://secure.gravatar.com/avatar/08f077ea061585744ee080824f5a8e65.png?r=PG&d=identicon&s=64'}
%li %li
= link_to '设置', set_blogs_path = link_to '设置', set_blogs_path
- if current_user_is_admin? %li
%li = link_to '写博客', new_article_path
= link_to '写博客', new_article_path
%li %li
= link_to '退出', logout_path = link_to '退出', logout_path
.navbar-header.navbar-avatar .navbar-header.navbar-avatar