4-3 STORY 2 - admin can log in to the backend
Goals
- The administrator (the shop owner) must be logged in to the site before entering the (shop) backend
- The administrator must have admin privileges to enter the backend
Step 0:
git checkout -b story2
Step 1: Must be logged in to enter
app/controllers/admin/products_controller.rb
class Admin::ProductsController < ApplicationController
+ before_action :authenticate_user!
  def index
    @products = Product.all
  end
  ...(omitted)
Test in the browser whether authentication is enforced
http://localhost:3000/admin/products/new
Step 2: Must have admin privileges to enter
app/controllers/admin/products_controller.rb
class Admin::ProductsController < ApplicationController
  before_action :authenticate_user!
+ before_action :admin_required
  def index
    @products = Product.all
  end
  ...(omitted)
Step 3: Create the admin_required check
app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
+ def admin_required
+   if !current_user.admin?
+     redirect_to "/", alert: "You are not admin."
+   end
+ end
end
Step 4: Add the admin? predicate
app/models/user.rb
class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
+ def admin?
+   is_admin
+ end
end
Step 5: Add an is_admin column (boolean)
rails g migration add_is_admin_to_user
Edit the generated file
db/migrate/xxx(a string of digits)_add_is_admin_to_user.rb
class AddIsAdminToUser < ActiveRecord::Migration[5.0]
  def change
+   add_column :users, :is_admin, :boolean, default: false
  end
end
Run rake db:migrate
Restart the rails server
Test whether admin can enter the backend
Visit http://localhost:3000/admin/products/new
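The two before_action filters from Steps 1 to 4 form one chain, and their order matters: authenticate_user! must run first, because admin_required calls current_user.admin? and current_user is nil for an anonymous visitor. The following is an added example, not code from the tutorial or from the JDstore project: a plain-Ruby model of that filter chain so the three cases (anonymous, signed-in non-admin, admin) can be checked without booting Rails or Devise. FakeUser, FakeController, FakeAdminProductsController and run_request are hypothetical names; the sign-in alert text is constructed, while /users/sign_in is Devise's real default sign-in path. Note also that the is_admin column is only ever set from the console or seeds; Devise's default sign-up only permits email, password and password_confirmation, so do not add is_admin to the permitted parameters.

```ruby
# Added example, not code from the tutorial: a plain-Ruby model of the
# before_action chain in Admin::ProductsController, so the authorization
# logic can be exercised without Rails or Devise. FakeUser, FakeController,
# FakeAdminProductsController and run_request are hypothetical names.

# Stand-in for the Devise User model; admin? mirrors the tutorial's User#admin?.
# Comparing with true also treats a nil is_admin (a row created before the
# migration added the column default) as "not admin".
FakeUser = Struct.new(:email, :is_admin) do
  def admin?
    is_admin == true
  end
end

class FakeController
  attr_reader :current_user, :redirected_to, :alert, :rendered

  # Filters run in registration order; the first one that redirects halts
  # the chain, which is how Rails before_action behaves.
  def self.before_actions
    @before_actions ||= []
  end

  def self.before_action(name)
    before_actions << name
  end

  def initialize(current_user)
    @current_user = current_user
  end

  def redirect_to(path, alert: nil)
    @redirected_to = path
    @alert = alert
  end

  def process(action)
    self.class.before_actions.each do |filter|
      send(filter)
      return :halted if @redirected_to
    end
    send(action)
    :ok
  end
end

class FakeAdminProductsController < FakeController
  # Order matters: admin_required calls current_user.admin?, which would
  # raise NoMethodError on nil for an anonymous visitor if it ran first.
  before_action :authenticate_user!
  before_action :admin_required

  # Stand-in for Devise's authenticate_user! (alert text is constructed).
  def authenticate_user!
    redirect_to "/users/sign_in", alert: "Please sign in." if current_user.nil?
  end

  # Same logic as the tutorial's ApplicationController#admin_required.
  def admin_required
    redirect_to "/", alert: "You are not admin." unless current_user.admin?
  end

  def index
    @rendered = :index
  end
end

# Dispatch one request for the given user and return the controller so the
# caller can inspect where it redirected or what it rendered.
def run_request(user)
  controller = FakeAdminProductsController.new(user)
  controller.process(:index)
  controller
end

if __FILE__ == $PROGRAM_NAME
  [nil, FakeUser.new("user@test.com", false), FakeUser.new("admin@test.com", true)].each do |u|
    c = run_request(u)
    who = u ? u.email : "anonymous"
    outcome = c.redirected_to ? "redirected to #{c.redirected_to}" : "rendered #{c.rendered}"
    puts "#{who}: #{outcome}"
  end
end
```

Running the file prints one line per case: the anonymous visitor is redirected to /users/sign_in, the signed-in non-admin is redirected to / with the "You are not admin." alert, and only the admin reaches the index action. Swapping the two before_action lines reproduces the NoMethodError on nil described above.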
Step 6: Create an admin user in the rails console
rails c
u = User.new(email: "admin@test.com", password: "123456", password_confirmation: "123456")
u.save
u.is_admin = true
u.save
Test again whether admin can enter the backend
Visit http://localhost:3000/admin/products/new
Step 7: Add a user seed file
db/seeds.rb
u = User.new
u.email = "admin@test.com" # can be changed to your own email
u.password = "123456" # at least six characters
u.password_confirmation = "123456" # at least six characters
u.is_admin = true
u.save
Then run rake db:seed
This automatically creates an account with admin privileges
Supplement: bug fix for when rebuilding the database (migrate) fails later on
rake db:reset
Step 8: Create the backend layout
Create layout: admin
app/controllers/admin/products_controller.rb
class Admin::ProductsController < ApplicationController
+ layout "admin"
  before_action :authenticate_user!
  before_action :admin_required
  ...(omitted)
touch app/views/layouts/admin.html.erb
app/views/layouts/admin.html.erb
<!DOCTYPE html>
<html>
  <head>
    <title>JDstore 后臺</title>
    <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %>
    <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
    <%= csrf_meta_tags %>
  </head>
  <body>
    <div class="container">
      <%= render "common/navbar" %>
      <div class="row">
        <div class="col-md-2">
          <ul class="nav nav-pills nav-stacked" style="max-width: 300px;">
            <li> <%= link_to("Products", admin_products_path) %> </li>
          </ul>
        </div>
        <div class="col-md-10">
          <%= yield %>
        </div>
      </div>
    </div>
  </body>
</html>
Done
Step 9: git commit
git add .
git commit -m "only admin can access backend panel"