2008 Dec 19
3
Recommended way of restricting action permissions?
...actices" question. I'd like to block users
that don't own a particular resource from performing edit/update/destroy
actions on it. Here's how I currently do it:
## User has many resources, of different types

------- resource_controller.rb -------
before_filter :require_ownership, :only => [:edit, :update, :destroy]

... public actions ...

protected

def require_ownership
  @resource = Resource.find(params[:id])
  redirect_to_somewhere unless owns?(@resource)
end

------- application.rb -------
def owns?(resource)
  resource.user_id == @current_user.id
end
... And I a...