通过设计更改相关模型的DB值

我正在使用Deviate for users,我有另一个名为Host Requests的模型,它允许用户在站点上提交不同访问级别的应用程序。在用户模型中,我有一个列(布尔值),用于显示可用的不同类型的访问角色。我正在尝试创建一个管理仪表板,其中列出了所有已提交的主机请求以供审阅。我试图在主机请求旁边创建两个按钮,允许管理员批准或拒绝用户请求。如果批准,它会将User DB列更改为TRUE,如果拒绝,它会将其更改为FALSE。我将我的其他属性添加到DeVIDE Sanitizer中以进行更新,但由于某些原因,我无法获取附加到host\u请求的user\u id的表以进行更新。单击按钮后,它最终会更改当前\u用户的值。

任何帮助或指导都将不胜感激!!!

型号-用户。rb型

    class User < ApplicationRecord

      has_many :host_requests
      has_many :timeslots
      has_many :experiences
      has_many :reservations
      # Include default devise modules. Others available are:
      # :confirmable, :lockable, :timeoutable and :omniauthable
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable, :confirmable

      validates :fullname, presence: true, length: {maximum: 50}

      after_create :send_admin_mail


      def send_admin_mail
        UserMailer.send_welcome_email(self).deliver_later
      end

    end

Model-host\u请求。rb型

    class HostRequest < ApplicationRecord
      belongs_to :user
      accepts_nested_attributes_for :user
    end

Controller-host\u requests\u控制器。rb型

    class HostRequestsController < ApplicationController
      before_action :set_host_request, only: [:show, :edit, :update, :destroy]

      load_and_authorize_resource


      # GET /host_requests
      # GET /host_requests.json
      def index
        if current_user.admin_role?
          redirect_to admin_url
        else current_user.host_role?
          @host_requests = current_user.host_requests
        end
      end

      # GET /host_requests/1
      # GET /host_requests/1.json
      def show
      end

      # GET /host_requests/new
      def new
        @host_request = HostRequest.new
        @host_request.user = current_user
      end

      # GET /host_requests/1/edit
      def edit
      end

      # POST /host_requests
      # POST /host_requests.json
      def create
        @host_request = current_user.host_requests.new(host_request_params)

        respond_to do |format|
          if @host_request.save
            format.html { redirect_to @host_request, notice: 'Host request was successfully created.' }
            format.json { render :show, status: :created, location: @host_request }
          else
            format.html { render :new }
            format.json { render json: @host_request.errors, status: :unprocessable_entity }
          end
        end
      end

      # PATCH/PUT /host_requests/1
      # PATCH/PUT /host_requests/1.json
      def update
        respond_to do |format|
          if @host_request.update(host_request_params)
            format.html { redirect_to @host_request, notice: 'Host request was successfully updated.' }
            format.json { render :show, status: :ok, location: @host_request }
          else
            format.html { render :edit }
            format.json { render json: @host_request.errors, status: :unprocessable_entity }
          end
        end
      end

      # DELETE /host_requests/1
      # DELETE /host_requests/1.json
      def destroy
        @host_request.destroy
        respond_to do |format|
          format.html { redirect_to host_requests_url, notice: 'Host request was successfully destroyed.' }
          format.json { head :no_content }
        end
      end

      private
        # Use callbacks to share common setup or constraints between actions.
        def set_host_request
          @host_request = HostRequest.find(params[:id])
        end

        # Never trust parameters from the scary internet, only allow the white list through.
        def host_request_params
          params.require(:host_request).permit(:user_id, :why_host, :your_skills, :your_eco)
        end
    end

表单-管理仪表板

    <% @host_requests.each do |request| %>
      <div class="row mr-1 mt-1 ml-1">
        <div class="col-md-6">
          <p><strong>User Name: </strong><%= request.user.fullname %></p>
          <p><strong>Why Host: </strong><%= request.why_host %></p>
        </div>
        <div class="col-md-6 text-right">
          <%= form_for(request.user, url: user_registration_path(request.user), html: { method: :put }) do |f| %>
            <%= f.hidden_field :host_role, value: true %>
            <%= f.submit "Approve", class: "btn btn-primary pull-right mr-1 ml-1"%>
          <% end %>
        </div>
      </div>
    <% end %>

设计-注册\控制器。rb型

    class Users::RegistrationsController < Devise::RegistrationsController
      # before_action :configure_sign_up_params, only: [:create]
       before_action :configure_account_update_params, only: [:update]


      def update_resource(resource, params)
        resource.update_without_password(params)
      end

      # GET /resource/sign_up
      # def new
      #   super
      # end

      # POST /resource
      # def create
      #   super
      # end

      # GET /resource/edit
      # def edit
      #   super
      # end

      # PUT /resource
      # def update
      #   super
      # end

      # DELETE /resource
      # def destroy
      #   super
      # end

      # GET /resource/cancel
      # Forces the session data which is usually expired after sign
      # in to be expired now. This is useful if the user wants to
      # cancel oauth signing in/up in the middle of the process,
      # removing all OAuth session data.
      # def cancel
      #   super
      # end


      # If you have extra params to permit, append them to the sanitizer.
       def configure_sign_up_params
         devise_parameter_sanitizer.permit(:sign_up, keys: [:host_role])
       end

      # If you have extra params to permit, append them to the sanitizer.
       def configure_account_update_params
         devise_parameter_sanitizer.permit(:account_update, keys: [:host_role])
       end


      # The path used after sign up.
      # def after_sign_up_path_for(resource)
      #   super(resource)
      # end

      # The path used after sign up for inactive accounts.
      # def after_inactive_sign_up_path_for(resource)
      #   super(resource)
      # end
    end