Colin Law wrote: > 2010/1/10 Alberto Lopez <li...@ruby-forum.com>: >> Leonardo Mateo wrote: >>> On Sun, Jan 10, 2010 at 11:30 AM, Alberto Lopez <li...@ruby-forum.com> >>> wrote: >>>> Hello, How can I do, when a user make a post, he only can edit his >>>> posts? >>>> >>> Check for the owner of the post on the edit action? >> >> Exactly, if you have an user on my website an post anything, you will >> edit or destroy only your posts. > > I think that Leonardo meant that in the edit and destroy actions you > should test that the current user is the owner of the post and not > allow the action to proceed if not the owner. > > Colin
Aaahm.. I think yes. I don't know another way to make it :S (I'm a little bit novice. I know a little bit Ruby but I get into mess with some things). I have thought to make a function current_user probing the user by name and make an if sentence : if post.name == current_user{ edit, destroy } For example, but I dont know how to make it exactly.. :S (I hear bells but i dont know where) -- Posted via http://www.ruby-forum.com/.
-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-t...@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.