Rails scope find with current user

后端未结

关注

 3  466

失恋的感觉 2021-02-01 20:43

I\'m using Rails 3 with Devise for user auth. Let\'s say I have a User model, with Devise enabled, and a Product model, and that a User has_many Products.

In my Products

3条回答

别跟我提以往 (楼主)

2021-02-01 21:45
If you're running this code in a lot of your controllers, you should probably make it a before filter, and define a method to do that in your ApplicationController:
```
before_filter :set_product, :except => [:destroy, :index]

def set_product
  @product = current_user.admin? ? Product.find(params[:id]) : current_user.products.find(params[:id]) 
end
```
I don't know what you use to determine if a user is an admin or not (roles), but if you look into CanCan, it has an accessible_by scope that accepts an ability (an object that controls what users can and can't do) and returns records that user has access to based on permissions you write yourself. That is probably really what you want, but ripping out your permissions system and replacing it may or may not be feasible for you.
0 讨论(0)

查看其它3个回答
发布评论:

提交评论
- 加载中...