I have a number of resources (Trips, Schedules, etc) with actions that should be limited to just the resource's owner.
How do you implement code with a #require_ow
There are a few different ways to do this. You should definitely check out the acl9 plugin (https://github.com/be9/acl9/wiki/tutorial:-securing-a-controller).
If you decide you want to do this yourself, I'd suggest doing something like:

    class Trip < ...
      # True when the given user is the trip's owner.
      def owned_by?(user)
        self.user == user
      end
    end

    class Comment < ...
      # A comment is owned by whoever owns its trip.
      delegate :owned_by?, :to => :trip
    end

    # in your comment controller, for example
    # (find_comment is expected to set @comment before require_owner runs)
    before_filter :find_comment
    before_filter :require_owner

    def require_owner
      redirect_unless_owner_of(@comment)
    end

    # in your application controller
    def redirect_unless_owner_of(model)
      redirect_to root_url unless model.owned_by?(current_user)
    end

Forgive me if there are any syntax errors =) I hope this helps!
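
An added example, not part of the original answer: a plain-Ruby model of the ownership filter above, showing that `self.user == user` also passes when both the trip's owner and `current_user` are `nil`, alongside a stricter check. The `Struct` models, `strictly_owned_by?` and the `require_owner` stand-in are constructed for illustration and are not Rails or acl9 code.

```ruby
# Plain Ruby, no Rails: Struct models stand in for ActiveRecord classes.
require 'forwardable'

User = Struct.new(:id)

Trip = Struct.new(:user) do
  # The answer's check, unchanged.
  def owned_by?(user)
    self.user == user
  end

  # Hypothetical stricter variant: a missing user never owns anything.
  def strictly_owned_by?(user)
    !user.nil? && self.user == user
  end
end

# Comment delegates ownership to its trip, like `delegate ..., :to => :trip`.
Comment = Struct.new(:trip) do
  extend Forwardable
  def_delegators :trip, :owned_by?, :strictly_owned_by?
end

# Stand-in for the before_filter: returns :allow or :redirect and fails
# closed when the record lookup produced nothing.
def require_owner(record, current_user, check = :strictly_owned_by?)
  return :redirect if record.nil?
  record.public_send(check, current_user) ? :allow : :redirect
end

# Constructed sample data covering the owner, another user, an anonymous
# request against an ownerless trip, and a record that was not found.
def demo
  alice = User.new(1)
  bob = User.new(2)
  owned = Comment.new(Trip.new(alice))
  orphan = Comment.new(Trip.new(nil))
  {
    owner: require_owner(owned, alice),
    other_user: require_owner(owned, bob),
    anon_on_orphan: require_owner(orphan, nil),
    anon_original_check: require_owner(orphan, nil, :owned_by?),
    missing_record: require_owner(nil, alice)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

In a Rails app the same effect comes from requiring a logged-in user in an earlier filter and validating that every trip has a user.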