Hi
I have this code
def destroy
@property = Property.find(params[:id])
IsAuthorized?(@property.user_id)
@property.destroy
respond_to do |format|
format.html { redirect_to(properties_url) }
format.xml { head :ok }
end
end
def IsAuthorized?(id)
if current_user.id!= id
flash[:notice] = 'Not authorized '
redirect_to(properties_url)
end
end
If a not authorized user calls destroy it stills calls
@property.destroy.
How can I prevent the destory function from calling @property.destroy
if the user is not authorized?
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to rubyonrails-t...@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
