授权用户仅使用Rails编辑其帐户
[英]Authorise user to edit only their account with Rails
问题描述
I would like to allow user to edit their account, and only their account, without using Devise and / or Cancan. 
我想允许用户编辑其帐户,并且仅编辑其帐户,而无需使用Devise和/或Cancan。
I have the following in application_controller : 我在application_controller有以下内容:
helper_method :current_user
helper_method :require_proprio
private
def current_user
@current_user ||= User.find(session[:user_id]) if session[:user_id]
end
def require_proprio
unless current_user == (params[:id])
render :file => "#{Rails.root}/public/422", :status => 500
end
end
Here's the users_controller : 这是users_controller :
before_filter :require_proprio , :only => [ :edit, :update]
But when I'm connected with the user.id = 10 , for example, I can't access to the page http://localhost:3000/users/10/edit . 但是,例如,当我连接到user.id = 10 ,我无法访问页面http://localhost:3000/users/10/edit 。 The page public/422 appears. 出现页面public/422 。 I tried also to access http://localhost:3000/users/11/edit , and the result is the same (public/422). 我也尝试访问http://localhost:3000/users/11/edit ,结果是相同的(public / 422)。
Does someone have an idea of the way I can resolve it ? 有人对我的解决方法有所了解吗? Thanks 谢谢
1 个解决方案
解决方案1
2 已采纳 2013-01-16 15:30:48
unless current_user == (params[:id])
current_user is an object, so this will never be true. current_user是一个对象,因此永远不会如此。 Try: 尝试:
unless current_user.id == params.fetch(:id).to_i
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.