Pallav_bfs wrote in post #1044557: > Hello,I am quite new on rails. Currently making CRUD apps in rails 3.0 > in windows. > I've used devise [1.1.rc0] for authentication.In those apps any logged > in user can change other user's details. > > How can I design the app, so that any logged in user can edit/remove > his details only if he wishes to do so and can only view others' > records. > > After logging in he should be directed to his own page,where his > details are stored.He can only Update and Delete any of his details > there.But can only View the main page where his record will be kept > with other records.He should be able to remove or edit others' > records.
Take a look at one of the authorization frameworks such as CanCan: https://github.com/ryanb/cancan -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.