只允许数据所有者访问
Only allow owner of data to access
我正在使用设计,belongs_to 来快速添加关系。例如:
rails generate devise User
rails generate scaffold Campaign name:string user:belongs_to
请告诉我,我怎样才能只允许数据的所有者访问数据?
用户可以这样访问他们的活动:
current_user.campaigns
CampaignsController
def show
#this will search only within current user campaigns.
@campaign = current_user.campaigns.find_by(id: params[:id]).
if campaign
#this campaign exists and its from current_user
...
end
end
def index
#only this user campaigns
@campaigns = current_user.campaigns
end
def new
@campaign = current_user.campaigns.build
end
def create
#This campaign is created with user_id = current_user.id
@campaign = current_user.campaigns.build(campaign_params)
@campaign.save
end
private
def campaign_params
params.require(:campaign).permit(:name)
end
我正在使用设计,belongs_to 来快速添加关系。例如:
rails generate devise User
rails generate scaffold Campaign name:string user:belongs_to
请告诉我,我怎样才能只允许数据的所有者访问数据?
用户可以这样访问他们的活动:
current_user.campaigns
CampaignsController
def show
#this will search only within current user campaigns.
@campaign = current_user.campaigns.find_by(id: params[:id]).
if campaign
#this campaign exists and its from current_user
...
end
end
def index
#only this user campaigns
@campaigns = current_user.campaigns
end
def new
@campaign = current_user.campaigns.build
end
def create
#This campaign is created with user_id = current_user.id
@campaign = current_user.campaigns.build(campaign_params)
@campaign.save
end
private
def campaign_params
params.require(:campaign).permit(:name)
end