I have devise + a scaffold "house" created, and I want that a user only can edite your own house.
This is my houses_controller:
def authenticate_owner!
@house = house.find(params[:id])
if user_signed_in? && current_user.email == @house.user.email
return true
end
redirect_to root_path, :notice => "You must have permission to access this category."
return false
end
I have too this code in the top houses_controller:
before_filter :authenticate_owne开发者_开发知识库r!
skip_before_filter :authenticate_owner! , :only => [:show, :index, :new]
but not working, always show the message:
"You must have permission to access this category."
how I can get the user who created the scaffold and compare it to the user who is registered?
You need to put an else there.. you probably meant to write:
def authenticate_owner!
@house = house.find(params[:id])
if user_signed_in? && current_user.email == @house.user.email
return true
else
redirect_to root_path, :notice => "You must have permission to access this category."
return false # this will never be executed!!
end
end
Fixed :D The problem is @house = house.find(params[:id]), is: @house = House.find(params[:id])
精彩评论