Wednesday, April 23, 2014

Rails/Devise - what is the best way to lock down resources to specific users?






I'm looking for a better way to lock down a resource to a specific user (I'm using Devise for authentication) in Rails 4.


So here's what I've come up with in a controller (e.g., SomeResourcesController):



def show
  @some_resource = SomeResource.find(params[:id])
  # Send non-owners away; nothing else renders after this in show.
  redirect_to(root_url) unless current_user.id == @some_resource.user_id
end

def update
  @some_resource = SomeResource.find(params[:id])
  # "and return" stops the action so the update below is never reached.
  redirect_to(root_url) and return unless current_user.id == @some_resource.user_id

  # do update things
end


Basically, it redirects away if the user does not own the current resource. There is a relationship between User and SomeResource - User owns SomeResource.


I feel like there has to be a more Rails-y way to do this. In my googling, I came across CanCan, but it doesn't seem like it's solving the same problem - or if it is, it's not entirely clear how it's solving it.


So that all said - is there a better way to lock down resources to specific users than what I've come up with?



asked 46 secs ago
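As an added example (plain Ruby, not code from the question and not Rails itself): a minimal in-memory model contrasting the find-then-compare check in the question with a lookup scoped through the owner, which is what `has_many :some_resources` on User plus `current_user.some_resources.find(params[:id])` gives you in ActiveRecord. The class names come from the question; the in-memory STORE and the NotFound error (standing in for ActiveRecord::RecordNotFound) are assumptions.

```ruby
# Added example (plain Ruby, not Rails): the "find, then compare owner" check
# from the question next to a lookup scoped through the owner. The array
# STORE stands in for the database table; NotFound stands in for
# ActiveRecord::RecordNotFound.
SomeResource = Struct.new(:id, :user_id)

class NotFound < StandardError; end

class User
  attr_reader :id

  def initialize(id, store)
    @id = id
    @store = store
  end

  # Analogue of the has_many association: only this user's rows are visible,
  # so a foreign id and a missing id look the same to the caller.
  def some_resources
    @store.select { |r| r.user_id == @id }
  end
end

# Constructed sample data: user 10 owns resources 1 and 2, user 20 owns 3.
STORE = [SomeResource.new(1, 10), SomeResource.new(2, 10), SomeResource.new(3, 20)].freeze

# Pattern from the question: global lookup, then an ownership comparison.
# Returns :redirect when the row exists but belongs to someone else, which
# also tells the caller that the id exists.
def show_with_owner_check(current_user, id)
  resource = STORE.find { |r| r.id == id }
  raise NotFound, "id #{id}" unless resource
  return :redirect unless current_user.id == resource.user_id
  resource
end

# Scoped lookup: the query itself is restricted to the caller's rows, so there
# is no separate check to forget and no way to confirm that id 3 exists.
def show_scoped(current_user, id)
  current_user.some_resources.find { |r| r.id == id } || raise(NotFound, "id #{id}")
end
```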





