发表新帖
发表新帖

Check if current_user is the owner of a resource and allow edit/delete actions

后端 未结
关注
9 593
鱼传尺愫
鱼传尺愫 2021-02-02 00:02

Example:

User A (id=10) has created a photo resource

photo: (id: 1 user_id = 10, url: \"http://...\")
9条回答
  • 借酒劲吻你
    借酒劲吻你 (楼主)
    2021-02-02 00:44

    If CanCan is too advanced, you should loon into checking the id of the accessor in the controller using...

    if @user.id == @photo.user_id
  # edit photo details
else
  redirect_to root_path, notice: "You! Shall! Not! Edit!"

    ...or something like that

    0 讨论(0)
 看不清?
提交回复
热议问题