Check if current_user is the owner of a resource and allow edit/delete actions

鱼传尺愫 2021-02-02 00:02

Example:

User A (id=10) has created a photo resource

photo: (id: 1 user_id = 10, url: "http://...")
         


        
9 answers
  •  被撕碎了的回忆
    2021-02-02 00:56

    In your PhotosController:

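    # before_filter was removed in Rails 5.1; before_action is its replacement
    before_action :require_permission, only: :edit

    # Redirect anyone who is not the photo's owner
    def require_permission
      if current_user != Photo.find(params[:id]).user
        redirect_to root_path
        # Or do something else here
      end
    end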
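
The filter in the answer above is registered with `only: :edit`, so a request sent straight to `update` or `destroy` never runs it. As an added example (not code from the original post), here is a plain-Ruby stand-in for controller dispatch that applies the same owner check to every owner-only action; `process`, `ACTIONS`, `GUARDED`, `owner?` and the in-memory store are assumptions made for illustration, and no Rails is needed to run it.

```ruby
# Plain-Ruby model of a controller guard; no Rails required. Names are illustrative.
Photo = Struct.new(:id, :user_id, :url)
User  = Struct.new(:id)

class PhotosController
  ACTIONS = %i[show edit update destroy].freeze
  GUARDED = %i[edit update destroy].freeze # the edit form and both mutating actions

  def initialize(store, current_user)
    @store = store               # constructed in-memory stand-in for the photos table
    @current_user = current_user # nil models a logged-out visitor
  end

  # Stand-in for Rails dispatch: the guard runs before the action, as before_action does.
  def process(action, params)
    return :not_found unless ACTIONS.include?(action)
    @photo = @store[params[:id]]
    return :not_found if @photo.nil?
    return :forbidden if GUARDED.include?(action) && !owner?(@photo)
    public_send(action, params)
  end

  def show(_params)
    @photo.url
  end

  def edit(_params)
    :render_edit_form
  end

  def update(params)
    @photo.url = params[:url]
    :updated
  end

  def destroy(_params)
    @store.delete(@photo.id)
    :destroyed
  end

  private

  # Compare ids; a missing current_user is never the owner.
  def owner?(photo)
    !@current_user.nil? && photo.user_id == @current_user.id
  end
end
```

In a Rails controller the same coverage comes from listing all three actions in the filter, for example `only: [:edit, :update, :destroy]`.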
    
