导轨和放大器;设计:如何验证特定的用户? [英] Rails & Devise: How to authenticate specific user?
问题描述
我使用的设计首次使用Rails,和我有一件事情烦恼:
我用所提供的的authenticate_user
方法在我的用户控制器来限制访问,像这样的网页!的before_filter:的authenticate_user!:只=>
I'm using Devise for the first time with rails, and I'm having trouble with one thing:
I used the provided authenticate_user!
method in my user's controller to restrict access to pages like so:
before_filter :authenticate_user!, :only => [:edit, :show, :update, :create, :destroy]
但是,这允许任何登录的用户访问任何其他用户编辑
动作,我想限制到只有该用户。我会怎么做呢?
But this allows any signed in user to access any other users :edit
action, which I want to restrict to only that user. How would I do that?
推荐答案
在您的编辑方法,你需要做一个检查,以查看用户是否拥有记录:
In your edit method, you need to do a check to see if the user owns the record:
def edit
@record = Record.find(params[:id])
if @record.user == current_user
@record.update_attributes(params[:record])
else
redirect_to root_path
end
end
这篇关于导轨和放大器;设计:如何验证特定的用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!