Rails & Devise: How to authenticate specific user?

2020-06-23 07:07发布

站内问答 / 前端开发
951 2 6

I'm using Devise for the first time with rails, and I'm having trouble with one thing: I used the provided authenticate_user! method in my user's controller to restrict access to pages like so: before_filter :authenticate_user!, :only => [:edit, :show, :update, :create, :destroy]

But this allows any signed in user to access any other users :edit action, which I want to restrict to only that user. How would I do that?

2条回答
三岁会撩人
2楼-- · 2020-06-23 07:47

You should look into Authorization such as CanCan. Or alternatively create a new method like so:

# Create an admin boolean column for your user table.

def authenticate_admin!
  authenticate_user! and current_user.admin?
end
查看更多
0人赞 添加讨论(0) 举报
Viruses.
3楼-- · 2020-06-23 08:01

In your edit method, you need to do a check to see if the user owns the record:

def edit
   @record = Record.find(params[:id])
   if @record.user == current_user
      @record.update_attributes(params[:record])
   else
      redirect_to root_path
   end
end
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)