Home/ Questions/Q 6926577
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T10:56:10+00:00

I working on an app with user authorization. It has a List and User

  • 0

I working on an app with user authorization. It has a List and User classes. The authentication was built with Ryan Bates http://railscasts.com/episodes/270-authentication-in-rails-3-1

I’m not sure about authorization process. I read about cancan gem. But i could not understand.

I want to achieve this:

  1. User only able to view/edit/delete his own list.
  2. User only able to view/edit/delete his own profile(user class).

I don’t implement user level right now. No guess or admin.

How to use before_filter method in list and User controller with current_user instance?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since you are defining current_user in the application controller, this is easy. You can use before_filter like this in the Users controller:

    class ItemsController < ApplicationController
  before_filter :check_if_owner, :only => [:edit, :update, :show, :destroy]

  def check_if_owner
    unless current_user.admin? # check whether the user is admin, preferably by a method in the model
      unless # check whether the current user is the owner of the item (or whether it is his account) like 'current_user.id == params[:id].to_i'
        flash[:notice] = "You dont have permission to modify this item"
        redirect_to # some path
        return
      end
    end
  end

  ###

end

    You should add a similar method to UsersController to check if it is his profile, he is editing.

    Also, have a look at Devise which is the recommended plugin for authentication purposes.

    • 0