Check if current_user is the owner of a resource and allow edit/delete actions

Question

Example:

User A (id=10) has created a photo resource

photo: (id: 1 user_id = 10, url: \"http://...\")
         


        

Answer 1

I captured the exception from within a before_filter action:

before_action :set_photo, only: [:edit, :update, :destroy]

def set_photo
  @photo = current_user.photos.find(params[:id])

  rescue ActiveRecord::RecordNotFound
    redirect_to(root_url, :notice => 'Record not found')
end

Hope this helps someone. I'm using Rails 4 and Ruby 2.