[英]Authorise user to edit only their account with Rails
I would like to allow user to edit their account, and only their account, without using Devise and / or Cancan. 我想允许用户编辑其帐户,并且仅编辑其帐户,而无需使用Devise和/或Cancan。
I have the following in application_controller
: 我在application_controller
有以下内容:
helper_method :current_user
helper_method :require_proprio
private
def current_user
@current_user ||= User.find(session[:user_id]) if session[:user_id]
end
def require_proprio
unless current_user == (params[:id])
render :file => "#{Rails.root}/public/422", :status => 500
end
end
Here's the users_controller
: 这是users_controller
:
before_filter :require_proprio , :only => [ :edit, :update]
But when I'm connected with the user.id = 10
, for example, I can't access to the page http://localhost:3000/users/10/edit
. 但是,例如,当我连接到user.id = 10
,我无法访问页面http://localhost:3000/users/10/edit
。 The page public/422
appears. 出现页面public/422
。 I tried also to access http://localhost:3000/users/11/edit
, and the result is the same (public/422). 我也尝试访问http://localhost:3000/users/11/edit
,结果是相同的(public / 422)。
Does someone have an idea of the way I can resolve it ? 有人对我的解决方法有所了解吗? Thanks 谢谢
unless current_user == (params[:id])
current_user is an object, so this will never be true. current_user是一个对象,因此永远不会如此。 Try: 尝试:
unless current_user.id == params.fetch(:id).to_i
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.