0
포스터를 추가하는 중입니다. 검토 중이므로 검토 중입니다. 저는 두 가지 역할을합니다 : 관리자와 사용자. 사용자는 포스터를 만들고 업데이트 할 수 있습니다. 사용자가 끝나면 버튼을 "밀기"시키고 포스터를 검토 용으로 밀어 넣어 관리자가 수락하거나 거부 할 수 있습니다. "밀어 넣기"동작 후에 사용자 포스터가 "눌려 졌을 때"사용자가 포스터를 바꿀 수 없으면 어떻게할까요? 내 파일의 몇 가지 : 내가 알고있는 것처럼CanCan 및 state_machine 문제
class PostersController < ApplicationController
before_action :authenticate_user!, except: [:index, :show]
authorize_resource except: [:push, :my_posters]
load_resource except: :create
# GET /posters
# GET /posters.json
def index
@posters = Poster.paginate(page: params[:page], per_page: 10)
end
# GET /posters/1
# GET /posters/1.json
def show; end
def admin_show
@posters = Poster.paginate(page: params[:page], per_page: 10)
end
def my_posters
@posters = Poster.paginate(page: params[:page], per_page: 10)
end
# GET /posters/new
def new; end
# GET /posters/1/edit
def edit
end
# POST /posters
# POST /posters.json
def create
@poster = Poster.new(poster_params)
@poster.user_id = current_user.id
@poster.publish_date = DateTime.now
respond_to do |format|
if @poster.save
format.html { redirect_to @poster, notice: 'Poster was successfully created.' }
else
format.html { render action: 'new' }
end
end
end
# PATCH/PUT /posters/1
# PATCH/PUT /posters/1.json
def update
respond_to do |format|
if @poster.update(poster_params)
format.html { redirect_to @poster, notice: 'Poster was successfully updated.' }
else
format.html { render action: 'edit' }
end
end
end
# DELETE /posters/1
# DELETE /posters/1.json
def destroy
@poster.destroy
respond_to do |format|
format.html { redirect_to posters_url }
end
end
[:accept, :reject, :publish].each do |method_name|
define_method method_name do
@poster.send(method_name)
flash[:notice] = "#{method_name.capitalize} was successful."
redirect_to posters_path
end
end
[:push].each do |method_name|
define_method method_name do
@poster.send(method_name)
flash[:notice] = "#{method_name.capitalize} was successful."
redirect_to posters_path
end
end
private
# Never trust parameters from the scary internet, only allow the white list through.
def poster_params
params.require(:poster).permit(:title, :body, :type_id, :type_name,
poster_images_attributes: [:image, :id])
end
end
posters_controller.rb
class Poster < ActiveRecord::Base
has_many :poster_images, dependent: :destroy
accepts_nested_attributes_for :poster_images, allow_destroy: true
belongs_to :type
belongs_to :user
default_scope -> { order('created_at DESC') }
validates :title, :body, :publish_date, :user_id, :type_id, presence: true
state_machine initial: :draft do
event :push do
transition draft: :pushed
end
event :reject do
transition pushed: :rejected
end
event :accept do
transition pushed: :accepted
end
event :publish do
transition accepted: :published
end
event :archive do
transition published: :archived
end
end
end
poster.rb
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
if user.has_role? :admin
can :manage, :all
cannot :create, Poster
end
can :read, Poster
if user.has_role? :user
can :create, Poster
can :update, Poster, user_id: user.id
cannot :update, Poster, state: "pushed"
can :destroy, Poster, user_id: user.id
end