So I have an account manager for users on my site and it has their
profile which just displays their information, and a place where they
can edit their info. The problem I am having is right now a person can
edit anyone's profile, so I obviously want to make it so they can only
edit their own profile. In my controller I added an if statement that
would check to see if the user was editing their profile which went like
this:
def edit
  id = params[:id]
  if session[:user_id] == id
    begin
      @user = User.find_by_id(id)
    rescue
      flash[:notice] = "No user by that user id can be found"
      redirect_to(:controller => 'home', :action => 'index')
    end
  else
    flash[:notice] = "You are not authorized to edit this user"
    redirect_to(:controller => 'account', :action => 'profile', :id => id)
  end
end
But that always gives me the message that I have set as my flash and
takes me to the profile that was trying to be edited (even if the
profile was my own).
Any suggestions?
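The check described in the post, as an added example that is not part of the original message. It runs without Rails: `USERS`, `SESSION`, `naive_owner?`, `owner?` and `edit_decision` are hypothetical names, and it assumes the login code stored the numeric `user.id` in the session while `params[:id]` arrives as a String.

```ruby
# Constructed stand-ins for Rails state. Assumption: login stored the numeric
# user.id in the session; route parameters such as params[:id] are Strings.
USERS   = { 7 => "alice", 8 => "bob" }.freeze   # id => name, sample data
SESSION = { user_id: 7 }.freeze

# The comparison from the post: Integer == String is never true in Ruby,
# so even the owner falls through to the "not authorized" branch.
def naive_owner?(session, params)
  session[:user_id] == params[:id]
end

# Ownership check that parses the id strictly and compares like with like.
# False for a missing session and for ids that are not plain decimals.
def owner?(session, params)
  return false if session[:user_id].nil?
  Integer(params[:id].to_s, 10) == session[:user_id].to_i
rescue ArgumentError
  false
end

# Mirrors the edit action's three outcomes. A hash lookup returns nil for an
# unknown id, like find_by_id, so the result is tested for nil, not rescued.
def edit_decision(session, params, users = USERS)
  unless owner?(session, params)
    return [:redirect_profile, "You are not authorized to edit this user"]
  end
  user = users[session[:user_id].to_i]   # load by the session id, not the client's
  return [:redirect_home, "No user by that user id can be found"] if user.nil?
  [:render_edit, user]
end

if __FILE__ == $PROGRAM_NAME
  p naive_owner?(SESSION, { id: "7" })     # the post's symptom
  p edit_decision(SESSION, { id: "7" })    # owner editing own profile
  p edit_decision(SESSION, { id: "8" })    # someone else's profile
end
```

The same ownership check belongs in the action that saves the edited profile, since that request can be sent without ever loading the edit form.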