Self ownership
8 views
Skip to first unread message
Kevin Monk
Jan 8, 2011, 3:50:52 PM1/8/11
to acl9-discuss
It is possible to add access control that allows the current_user to
access the user show action it they are that user!?
Something like
UsersController <AC::BAse
access_control do
allow :admin
# allow if the current_user is @user, :to => [:show]
deny anonymous, :except => [:new]
end
def index
@users = User.all
..
end
def show
@user = User.find(params[:id])
...
end
end
I could set up lots of self ownership roles on create but that seems
really messy i.e.
@user = User.create!(params[:user])
@user.has_role!(:owner, @user)
SHould I just forget ACL9 for this part and user a before_filter?
access the user show action it they are that user!?
Something like
UsersController <AC::BAse
access_control do
allow :admin
# allow if the current_user is @user, :to => [:show]
deny anonymous, :except => [:new]
end
def index
@users = User.all
..
end
def show
@user = User.find(params[:id])
...
end
end
I could set up lots of self ownership roles on create but that seems
really messy i.e.
@user = User.create!(params[:user])
@user.has_role!(:owner, @user)
SHould I just forget ACL9 for this part and user a before_filter?
oleg dashevskii
Jan 9, 2011, 10:00:46 AM1/9/11
to acl9-d...@googlegroups.com
Hi Kevin,
here's an example
private
def me?
current_user == @user
--
Олег.
Kevin Monk
Jan 10, 2011, 5:04:28 AM1/10/11
to acl9-discuss
Simple when you put it like that! :)
Thanks Oleg.
Thanks Oleg.
Reply all
Reply to author
Forward
0 new messages